[ previous ] [ next ] [ threads ]
 
 From:  sylikc <sylikc at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall IPSec "not acceptable Agressive Mode"
 Date:  Thu, 22 Jul 2004 13:43:17 -0700
Hi,

I've been reading through all the threads regarding IPSec and I still
can't get my mobile IPSec going.

I have m0n0wall configured exactly the way specified in the FAQ and I
am also using SoftRemoteLT.  However, whenever I connect, SoftRemoteLT
won't connect because it gives this error:

 7-22: 12:53:44.280 My Connections\m0n0 - Initiating IKE Phase 1 (IP
ADDR=24.205.15.241)
 7-22: 12:53:44.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
(SA, KE, NON, ID, VID 6x)
 7-22: 12:53:59.592 My Connections\m0n0 - message not received! Retransmitting!
 7-22: 12:53:59.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
(Retransmission)
 7-22: 12:54:14.592 My Connections\m0n0 - message not received! Retransmitting!
 7-22: 12:54:14.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
(Retransmission)
 7-22: 12:54:29.592 My Connections\m0n0 - message not received! Retransmitting!
 7-22: 12:54:29.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
(Retransmission)
 7-22: 12:54:44.592 My Connections\m0n0 - Exceeded 3 IKE SA negotiation attempts



So, I check the system logs and I see this error (repeated a few times):

racoon: ERROR: isakmp.c:870:isakmp_ph1begin_r(): not acceptable Aggressive mode


I've tried a different version of SoftRemoteLT (9.2.1 and 10.3.3)
running different operating systems.

I am running this client behind a NAT.  I know that SoftRemote
supports NAT-T, but does m0n0wall support NAT-T?  If not, that would
explain it...

My setup is that I'm trying to connect back home from work, and most
corporate networks these days use all NAT-ed networks.


/sylikc