Re: [Users] Re: Help with Sonicwall/10 interop with FreeSWAN 1.99

From: Lucio Nino Rossi (lnrossi_at_qeeg.npi.ucla.edu)
Date: Fri Nov 08 2002 - 02:06:06 CET

• Next message: Lucio Nino Rossi: "Re: [Users] Re: Help with Sonicwall/10 interop with FreeSWAN 1.99"
• Previous message: Sam Sgro: "Re: [Users] IPSEC Routing table manipulation ???"
• In reply to: Sam Sgro: "Re: [Users] Re: Help with Sonicwall/10 interop with FreeSWAN 1.99"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
The sonicwall is receiving the IKE packets now when I set up a IKE SA. but
the sonicwall log isn't good enough to determine what it is doing with the
packets.

The IKE tunnel has this as the negotiation information:

104 "cookrsync1" #1: STATE_MAIN_I1: initiate
010 "cookrsync1" #1: STATE_MAIN_I1: retransmission; will wait 20s for
response
010 "cookrsync1" #1: STATE_MAIN_I1: retransmission; will wait 40s for
response
010 "cookrsync1" #1: STATE_MAIN_I1: retransmission; will wait 40s for
response
010 "cookrsync1" #1: STATE_MAIN_I1: retransmission; will wait 40s for
response
010 "cookrsync1" #1: STATE_MAIN_I1: retransmission; will wait 40s for
response
106 "cookrsync1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
010 "cookrsync1" #1: STATE_MAIN_I2: retransmission; will wait 20s for
response
010 "cookrsync1" #1: STATE_MAIN_I2: retransmission; will wait 40s for
response
031 "cookrsync1" #1: max number of retransmissions (2) reached STATE_MAIN_I2
000 "cookrsync1" #1: starting keying attempt 2 of an unlimited number, but
releasing whack

The pluto logs are showing response from the sonicwall about deleting SA
payload. I am at a loss here.

I can do a freeswan to freeswan rsa connection no problem. This sonicwall is
giving me grief. Thanks for all of your help.

Lucio

On 11/7/02 4:35 PM, "Sam Sgro" <sam_at_freeswan.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On Thu, 7 Nov 2002, Lucio Nino Rossi wrote:
>
>> One other thing. I see that the Sonicwall box is dropping UDP packets from
>> my freeswan box port 500 to the sonicwall's port 500. Is that part of the
>> problem? Thanks.
>
> Yes. The sonicwall needs to allow IPSec/IKE traffic through (UDP port 500, and
> ESP traffic). Read doc/firewall.html for more info.
>
> - --
> Sam Sgro
> sam_at_freeswan.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
> Comment: For the matching public key, finger the Reply-To: address.
>
> iQCVAwUBPcsG3UOSC4btEQUtAQEhkQQAq8321Rtnu+wMR31h93JvdLalqbx5HBvC
> F25J+Lc50QX1JmRKojNwAnX5BTvpNjfn7pox8BNBtfR9Gyhfn+P6wzrbh4k7pY8Y
> YK4/gjhWiI4e1HRkhmql6Hk20qJ+1Mqu56aeZMWjN0aRZqXPTWPyIbLqzlgAA1iF
> VSKihTjzHpI=
> =lLG0
> -----END PGP SIGNATURE-----
>

-- 
Lucio Rossi
Programmer Analyst
UCLA Neuropsychiatric Institute & Hospital
760 Westwood Plaza, Rm:37-459
Los Angeles, CA 90024
(310) 794-4833 (p) (310) 825-7642 (f)
lnrossi_at_qeeg.npi.ucla.edu
www.mentalhealth.ucla.edu
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Lucio Nino Rossi: "Re: [Users] Re: Help with Sonicwall/10 interop with FreeSWAN 1.99"
• Previous message: Sam Sgro: "Re: [Users] IPSEC Routing table manipulation ???"
• In reply to: Sam Sgro: "Re: [Users] Re: Help with Sonicwall/10 interop with FreeSWAN 1.99"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Nov 08 2002 - 05:20:38 CET