[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

problems in manual keying

To: "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
Subject: problems in manual keying
From: "tsbalaji1993@rediffmail.com" <tsbalaji1993@rediffmail.com>
Date: 7 Aug 2001 09:11:34 -0000
Sender: owner-ipsec@lists.tislabs.com

hi all

  while working in openbsd,

  we enabled ah and esp by 
    sysctl -w net.inet.esp.enable =1
    sysctl -w net.inet.ah.enable =1

  then we setup SA as follows 

  on host 192.168.7.151

    ipsecadm new esp -spi 1000 -src 192.168.7.151 -dst 192.168.7.152 -forcetunnel -enc 3des -auth sha1 -key 5555555555555555555555555555555555555555 -authkey 7777777777777777777777777777777777777777

    ipsecadm new esp -spi 1001 -src 192.168.7.152 -dst 192.168.7.151 -forcetunnel -enc 3des -auth sha1 -key 5555555555555555555555555555555555555555 -authkey 7777777777777777777777777777777777777777


  On host 192.168.7.152

ipsecadm new esp -spi 1001 -src 192.168.7.152 -dst 192.168.7.151 -forcetunnel -enc 3des -auth sha1 -key 5555555555555555555555555555555555555555 -authkey 7777777777777777777777777777777777777777

ipsecadm new esp -spi 1000 -src 192.168.7.151 -dst 192.168.7.152 -forcetunnel -enc 3des -auth sha1 -key 5555555555555555555555555555555555555555 -authkey 7777777777777777777777777777777777777777


for flow we tried 

   On host 192.168.7.151


   ipsecadm flow -proto esp -dst 192.168.7.152 -spi 1000 -addr 192.168.7.151 255.255.255.255 192.168.7.152 255.255.255.255 

  on host 192.168.7.152

ipsecadm flow -proto esp -dst 192.168.7.151 -spi 1001 -addr 192.168.7.152 255.255.255.255 192.168.7.151 255.255.255.255 

but since "-spi depreciated" error came we tried


   on host 192.168.7.151

ipsecadm flow -proto esp -dst 192.168.7.152 -addr 192.168.7.151 255.255.255.255 192.168.7.152 255.255.255.255 - out -require

   on host 192.168.7.152

ipsecadm flow -proto esp -dst 192.168.7.151 -addr 192.168.7.152 255.255.255.255 192.168.7.151 255.255.255.255  -in -require

  but after this PING is tried and Tcpdump is used to capture the packets. but only " echo request" packets are coming but not "echo reply " packets. how to rectify the error.

  what is wrong.??

with love
balaji

  
   
    

_________________________________________________________
For Rs. 2,000,000 worth of Aptech scholarships click below
http://clients.rediff.com/clients/aptechsch/index.htm

Prev by Date: RE: IKE must have no Heirs
Next by Date: Re: isakmp cookies field
Prev by thread: Re: Re draft-kaufman-ipsec-improveike-00.txt
Next by thread: Position of certificate payload in IKE Aggressive Mode as Initiator
Index(es):
- Main
- Thread