Change the preshared keys to be the same on both machines.

-----Original Message-----
From: friscom at tin dot it [mailto:friscom at tin dot it]
Sent: Monday, September 06, 2004 8:36 AM
To: m0n0wall at lists dot m0n0 dot ch
Cc: Terry Miller
Subject: RE: [m0n0wall] Error messages on an IPSec VPN - more details

Terry and others,

I understand I better specify with more details my configurations.

Basic HW is 2 Soekris 4501 boxes with m0n0wall 1.0 installed. Such hw includes 3 ethernet ports each, named: eth0 (sis0), eth1 (sis1),...

I configured it in the following manner:

FW1                          FW2
eth0 (LAN)-192.168.1.22      eth0 (LAN)-192.168.2.24
eth1 (OPT)-176.20.0.22       eth1 (OPT)-176.20.0.24
eth2 (WAN)-10.0.0.22         eth2 (WAN)-10.0.0.24

There is a crosscable between the two OPT interfaces.

Both configurations use the following IPSec settings:

Interface         OPT (both)
Local Subnet      LAN (both)
Remote subnet     192.168.2.0/24     192.168.1.0/24
Remote gateway    176.20.0.24        176.20.0.22

Phase 1
Negotiation- aggressive
My identifier- (My address)
Encryption- 3DES
hash- MD5
DH key - type 5
PSK- testVPN
lifetime- 28800

Phase 2
Protocol- ESP
Encryption- AES
hash- MD5
PFS key group- off
lifetime- 86400

Identifier: two (different and) valid email addresses
Preshared keys: different per each configuration
mono1VPN                     mono2VPN

The SPD reports the correct configuration for the VPN tunnel as per above.
The SAD err message is: "No IPsec security association"

Thanks to everyone willing to share their knowledge

Francesco
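The comparison suggested in the reply, extended to the other tunnel values that have to agree or mirror each other between the two boxes, as an added example that is not part of the original thread or of m0n0wall. The values are transcribed from the post; the dictionary layout, the key names and `check_pair` are hypothetical and do not reflect m0n0wall's configuration format.

```python
import hmac
from ipaddress import ip_address, ip_network

# Phase 1 / phase 2 proposal values listed in the post (same on both boxes).
# Key names are hypothetical, chosen for this example only.
COMMON = {"p1_mode": "aggressive", "p1_enc": "3DES", "p1_hash": "MD5",
          "p1_dh": 5, "p1_life": 28800, "p2_proto": "ESP",
          "p2_enc": "AES", "p2_hash": "MD5", "p2_pfs": "off", "p2_life": 86400}

# "psk" is the per-configuration preshared key given at the end of the post.
FW1 = dict(COMMON, name="FW1", lan_ip="192.168.1.22", tunnel_ip="176.20.0.22",
           remote_subnet="192.168.2.0/24", remote_gw="176.20.0.24", psk="mono1VPN")
FW2 = dict(COMMON, name="FW2", lan_ip="192.168.2.24", tunnel_ip="176.20.0.24",
           remote_subnet="192.168.1.0/24", remote_gw="176.20.0.22", psk="mono2VPN")


def check_pair(a, b):
    """Return a list of findings; an empty list means both ends agree."""
    findings = []
    # Addressing must mirror: each side points at the other's tunnel
    # interface and names a remote subnet that holds the other's LAN address.
    for x, y in ((a, b), (b, a)):
        if ip_address(x["remote_gw"]) != ip_address(y["tunnel_ip"]):
            findings.append(
                f"{x['name']}: remote gateway is not {y['name']}'s tunnel address")
        if ip_address(y["lan_ip"]) not in ip_network(x["remote_subnet"]):
            findings.append(
                f"{x['name']}: remote subnet does not contain {y['name']}'s LAN address")
    # Proposal parameters must be identical on both ends.
    for key in COMMON:
        if a[key] != b[key]:
            findings.append(f"proposal mismatch: {key}")
    # Compare the secrets without echoing them into the report.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        findings.append("pre-shared key differs between peers")
    return findings


if __name__ == "__main__":
    for line in check_pair(FW1, FW2) or ["both ends agree"]:
        print(line)
```

Run against the two configurations as posted, the only finding is the differing preshared key; the addressing and proposals already agree.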