Hi,
I'm having some problems with freeswan talking to a cisco 7200.
I'm initiating 112 tunnels (The other side won't aggregate them for some
reason) to the Cisco. The tunnels all initiate without any problems. (Is
there any way to speed this up, by the way?). And traffic passes over the
problems without any issues.
However after some random amount of time the tunnels stop
working. If I set up a ping job to constantly ping something down the
other end of the tunnel then the tunnel will stay up forever. So it
seems like some sort of "I haven't seen any traffic" timer is expiring
at the Cisco end.
Has anyone seen anything similar to this behaviour before? I
unfortunately don't have access to the Cisco end so debugging has been
difficult.
Config on freeswan end is

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=all
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        overridemtu=1412

conn %default
        keyingtries=0

conn usgw10.0.0.0
        rightsubnet=10.0.0.0/16
        also=commongw
        auto=start

conn commongw
        right=x.x.x.x
        rightnexthop=%defaultroute
        leftnexthop=%defaultroute
        left=y.y.y.y
        authby=secret
        pfs=no
        ikelifetime=8h
        keylife=8h

the cisco end is like so

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 28800
crypto isakmp key ***** address x.x.x.x
crypto ipsec transform-set APAC esp-3des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
crypto map Office_map 3 ipsec-isakmp
 description Melbourne
 set peer x.x.x.x
 set transform-set APAC
 match address 102

--
John
http://www.inodes.org/
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST