On Sun, 21 Apr 2002 17:34:53 -0400 (EDT) Richard Welty <rwelty_at_averillpark.net> wrote:
>
> i'm somewhat new to frees/wan, although i have some prior experience
> with a commercial ipsec product.
...
> proposal # mismatch. this observation was made by issuing the following
> command on the bridging firewall:
>
> tcpdump -i br0 | grep isakmp
>
> if the third party with the AS/400 initiates the connection, i see the
> phase 1 initiator packets coming from the AS/400, but no responder
> packets going back from the linux/frees/wan system.
hopefully, since i've gotten further along, someone will be able to help
with the current problem:
there were two configuration errors on the iptables firewall which were
preventing phase 1 from going forward. those are now fixed, and now i'm
dealing with the implications of isakmp through NAT. hopefully someone will
have a solution to this problem. the AS/400 is stopping in phase 1,
complaining about the id values. the private IP of the linux box
w/freeswan is 192.168.254.49; the public IP is, let's say, 192.0.2.49 (no
it's not really, but prudence dictates i keep my client's identity to
myself).
the error being generated by the AS/400 when it initiates the isakmp
exchange is:
Cause . . . . . : The local key connection group specifies 192.0.2.49 as
the remote VPN connection endpoint. However, during key connection
negotiation, the remote system sent 192.168.254.49 as its identifier.
so how do i get isakmp to sync up through 1-to-1 nat? any suggestions?
thanks,
richard
--
Richard Welty rwelty_at_averillpark.net
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
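As an added example (not from Richard's post or from the FreeS/WAN project), this is how the phase 1 identity mismatch described above is usually handled in FreeS/WAN's ipsec.conf: `left=` stays the real private interface address, while `leftid=` carries the public address the peer's key connection group expects. The AS/400 address, the subnets and the conn name are placeholders; the two addresses on the Linux side are the ones given in the post.

```ini
# Added example: ipsec.conf conn for the FreeS/WAN host behind 1-to-1 NAT.
# Assumes FreeS/WAN's leftid= parameter, which sets the identity sent in
# IKE phase 1; the AS/400 address and subnets are placeholders.
conn as400
        # real (private) address of the interface on the Linux box
        left=192.168.254.49
        # identity sent to the peer: the public address the NAT presents,
        # matching what the AS/400 key connection group has configured
        leftid=192.0.2.49
        leftsubnet=192.168.254.0/24     # placeholder local network
        # the AS/400 end (placeholder values)
        right=203.0.113.10
        rightid=203.0.113.10
        rightsubnet=203.0.113.0/24      # placeholder remote network
        authby=secret
        auto=add
```

The NAT device must still map UDP port 500 and ESP (IP protocol 50) one-to-one to 192.168.254.49, otherwise phase 1 will agree on identities and phase 2 traffic will still be dropped.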
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST