Re[2]: [Users] isakmp/ike negotiation problems

• Next message: a_khalid98458: "[Users] A funny game"
• Previous message: Richard Welty: "Re: [Users] isakmp/ike negotiation problems"
• In reply to: Richard Welty: "Re: [Users] isakmp/ike negotiation problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, 22 Apr 2002 18:53:16 -0400 (EDT) Richard Welty <rwelty_at_averillpark.net> wrote:

current problem:
> the error being generated by the AS/400 when it initiates the isakmp
> exchange is:
 
> Cause . . . . . : The local key connection group specifies 192.0.2.49
> as
> the remote VPN connection endpoint. However, during key connection
> negotiation, the remote system sent 192.168.254.49 as its identifier.
 
> so how do i get isakmp to sync up through 1-to-1 nat? any suggestions?

ok, nevermind. i've now worked out (through reviewing an IPSec reference)
that if you want to do main mode through 1-to-1 nat, you need to use an RSA
or DSS key.

richard

--
Richard Welty                                         rwelty_at_averillpark.net
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: a_khalid98458: "[Users] A funny game"
• Previous message: Richard Welty: "Re: [Users] isakmp/ike negotiation problems"
• In reply to: Richard Welty: "Re: [Users] isakmp/ike negotiation problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST