
[Users] W2K: "New policy invalidated SAs formed with old policy"

From: Bob Kupperstein (bobk_at_bluesocket.com)
Date: Mon Mar 25 2002 - 17:14:38 CET


Is anyone familiar with this message and its ramifications?

I'm testing and made a successful ipsec session. Now I've made changes
to my policy on the server (Linux) side, and I get this message during
Main mode IKE negotiations.

Do I need to clear old SAs from the previous session? How do I do
this?

Thanks,

-Bob

Oakley log from W2K:

 3-25: 10:42:02:678 Sending: SA = 0x00239FB8 to 192.168.160.1
 3-25: 10:42:02:678 ISAKMP Header: (V1.0), len = 216
 3-25: 10:42:02:678 I-COOKIE b3fae143c0ea27a9
 3-25: 10:42:02:678 R-COOKIE 0000000000000000
 3-25: 10:42:02:678 exchange: Oakley Main Mode
 3-25: 10:42:02:678 flags: 0
 3-25: 10:42:02:678 next payload: SA
 3-25: 10:42:02:678 message ID: 00000000
 3-25: 10:42:31:52c flush guid(ipsec): e659ef36-cce1-42f4-88e3d8479b672c34
 3-25: 10:42:31:52c Actually flushing guid(ipsec): e659ef36-cce1-42f4-88e3d8479b672c34
 3-25: 10:42:31:52c isadb_schedule_kill_oldPolicy_sas: e659ef36-cce1-42f4-88e3d8479b672c34 0
 3-25: 10:42:31:52c Added Timeout 124838
 3-25: 10:42:31:52c flush guid(ipsec): 8c20b319-7a6d-46c1-b00a18f53da78257
 3-25: 10:42:31:52c Actually flushing guid(ipsec): 8c20b319-7a6d-46c1-b00a18f53da78257
 3-25: 10:42:31:52c isadb_schedule_kill_oldPolicy_sas: 8c20b319-7a6d-46c1-b00a18f53da78257 0
 3-25: 10:42:31:52c Added Timeout 101bf0
 3-25: 10:42:31:678 entered kill_old_policy_sas
 3-25: 10:42:31:678 SA Dead. sa:00239FB8 status:cbad0351
 3-25: 10:42:31:678 isadb_set_status sa:00239FB8 centry:00000000 status cbad0351
 3-25: 10:42:31:678 Stopping RetransTimer sa:00239FB8 centry:00000000 handle:0013BC60
 3-25: 10:42:31:760 entered kill_old_policy_sas
 3-25: 10:42:31:678 Key Exchange Mode (Main Mode)

 3-25: 10:42:31:678 Source IP Address 192.168.160.254

Source IP Address Mask 255.255.255.255

Destination IP Address 192.168.160.1

Destination IP Address Mask 255.255.255.255

Protocol 0

Source Port 0

Destination Port 0

 3-25: 10:42:31:678 Me

 3-25: 10:42:31:678 New policy invalidated SAs formed with old policy

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
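
Added example, not part of the original post: a small Python triage script that reads Oakley log lines like the ones above and reports which SAs were marked dead after a policy flush, together with the peer they were being negotiated with. SAMPLE is a subset of the posted log with the mail line-wraps rejoined; the function and pattern names are made up for this sketch, and the last field of the timestamp is treated as an opaque token (an assumption about the log format).

```python
import re

# Subset of the log from the post, mail line-wraps rejoined.
SAMPLE = """\
 3-25: 10:42:02:678 Sending: SA = 0x00239FB8 to 192.168.160.1
 3-25: 10:42:31:52c flush guid(ipsec): e659ef36-cce1-42f4-88e3d8479b672c34
 3-25: 10:42:31:52c Actually flushing guid(ipsec): e659ef36-cce1-42f4-88e3d8479b672c34
 3-25: 10:42:31:52c flush guid(ipsec): 8c20b319-7a6d-46c1-b00a18f53da78257
 3-25: 10:42:31:678 entered kill_old_policy_sas
 3-25: 10:42:31:678 SA Dead. sa:00239FB8 status:cbad0351
 3-25: 10:42:31:678 New policy invalidated SAs formed with old policy
"""

# "<month-day>: <hh:mm:ss>:<token> <message>"; continuation lines without
# a timestamp do not match and are skipped.
LINE = re.compile(r"^\s*(\d+-\d+): (\d\d:\d\d:\d\d):([0-9a-f]+) (.*)$")
SEND = re.compile(r"Sending: SA = 0x([0-9A-Fa-f]+) to (\S+)")
FLUSH = re.compile(r"^flush guid\(ipsec\):\s*(\S+)")
DEAD = re.compile(r"SA Dead\. sa:([0-9A-Fa-f]+) status:([0-9a-f]+)")


def summarize(text):
    """Correlate policy flushes with the SAs killed after them."""
    peers, flushed, killed, reason = {}, [], [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, clock, _, msg = m.groups()
        if (s := SEND.search(msg)):
            # Remember which peer each SA handle was talking to.
            peers[s.group(1).upper()] = s.group(2)
        elif (f := FLUSH.match(msg)):
            flushed.append((clock, f.group(1)))
        elif (d := DEAD.search(msg)) and flushed:
            # Only count SAs that died after at least one policy flush.
            sa = d.group(1).upper()
            killed.append({"sa": sa, "peer": peers.get(sa),
                           "status": d.group(2), "time": clock})
        elif "New policy invalidated" in msg:
            reason = msg
    return {"flushed": flushed, "killed": killed, "reason": reason}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for sa in report["killed"]:
        print(f'{sa["time"]} SA {sa["sa"]} to {sa["peer"]} dropped, '
              f'status {sa["status"]}: {report["reason"]}')
```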



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:46 CEST