[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ASK for IPSEC Help!

To: "._IPSEC" <ipsec@lists.tislabs.com>
Subject: ASK for IPSEC Help!
From: "Lin Yi-Chang" <yichanglin@ntu.edu.tw>
Date: Wed, 25 Jun 2003 17:52:43 +0800
Sender: owner-ipsec@lists.tislabs.com

Dear ALL: I have encounter a situation I can't handle it, Plz help me if u know. This is the freeswan (whack --status) The following case will work!!! (Client to Gateway case) 000 interface ipsec0/ixp1 192.168.5.120 000 000 "ips0": 192.168.2.0/24===192.168.5.120---192.168.5.1...192.168.5.148 000= "ips0": ike_life: 3600s; ipsec_life: 28000s; rekey_margin: = 540s; rekey_fuz z: 100%; keyingtries: 3 000 "ips0": policy: PSK+TUNNEL+PFS; interface: ixp1; erouted 000 "ips0": = newest ISAKMP SA: #0; newest IPsec SA: #33; eroute owner: #33 000 000 = #33: "ips0" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLAC E in = 26939s; newest IPSEC; eroute owner 000 #33: "ips0" <3d.htm>esp.866d1ec9@192.168.5.148= <3d.htm>esp.7c18934f@192.168.5.120= <3d.htm>tun.1025@1 92.168.5.148 <3d.htm>tun.1024@192.168.5.120 000<= /DIV> --------------------------------------------------------------------= -------------------------------------------------- But if the situation is shown below (The Road warrior = case) 000 interface ipsec0/ixp1 192.168.5.120 000 000 "ips0"[1]: 192.168.2.0/24===192.168.5.120---192.168.5.1...192.168.5.148 000= "ips0"[1]: ike_life: 3600s; ipsec_life: 28000s; = rekey_margin: 540s; rekey_ fuzz: 100%; keyingtries: 3 000 "ips0"[1]: = policy: PSK+TUNNEL+PFS; interface: ixp1; erouted 000 "ips0"[1]: = newest ISAKMP SA: #34; newest IPsec SA: #35; eroute owner: #35 000 "ips0": 192.168.2.0/24===192.168.5.120---192.168.5.1...%any 000 = "ips0": ike_life: 3600s; ipsec_life: 28000s; rekey_margin: 540s; rekey_fuz z: = 100%; keyingtries: 3 000 "ips0": policy: PSK+TUNNEL+PFS; = interface: ixp1; unrouted 000 "ips0": newest ISAKMP SA: #0; newest = IPsec SA: #0; eroute owner: #0 000 000 #35: "ips0"[1] 192.168.5.148 = STATE_QUICK_R2 (IPsec SA established); EVENT_SA _REPLACE in 87s; newest IPSEC; = eroute owner 000 #35: "ips0"[1] 192.168.5.148 <3d.htm>esp.224d0706@192.168.5.148= <3d.htm>esp.7c189350@192.168 .5.120 = <3d.htm>tun.1027@192.168.5.148 <3d.htm>tun.1026@192.168.5.120 000 = #34: "ips0"[1] 192.168.5.148 STATE_MAIN_R3 (sent MR3, ISAKMP SA = established) ; EVENT_SA_REPLACE in 85s; newest ISAKMP 000 When the ICMP start from the right, 192.168.2.2 will return the = ICMP but 192.168.5.120 didn't do anything for the ICMP reply packet (should change it into ESP and back to the = right) , How can I solve the problem? Where is the packet entry point (file) in KLIPS??? Thanks for ur help -charles

Prev by Date: Re: LAST CALL: IKE
Next by Date: 21-25 July 2003 IPsec bakeoff ETSI Sophia Antipolis - last reminder to IETF IPsec list
Prev by thread: Q: ikev2 notify status ranges reserved to IANNA
Next by thread: 21-25 July 2003 IPsec bakeoff ETSI Sophia Antipolis - last reminder to IETF IPsec list
Index(es):
- Date
- Thread