From: Rafiqul A. <raf...@gm...> - 2006-02-24 05:12:34
|
Thanks Brian, I understand. Also your solution was helpful. I will try not to place any issues that are not related to ipsec-tool package. Sorry for the inconvenience, and thank you so much for your help. R On 2/23/06, Brian Candler <B.C...@po...> wrote: > > Well, I'm getting a bit tired of this now. This will be my last reply. > > > ftp using tcpdump, I dont see any encryption( I am expecting ftp > > packet to be encrypted here since I am using port 21)..instead, I se= e > > just like a regular ftp packet as follows : > > > > IP 10.19.171.18.ftp > 10.19.171.30.32806: P 1:32(31) ack 1 win 49232 > ^^^ ^^^^^ > > actual packet > source port: 21 > destination port: 32806 > > > spdadd 10.19.171.30[21] 10.19.171.18[21] any -P out ipsec > > esp/transport//require; > > spdadd 10.19.171.18[21] 10.19.171.30[21] any -P in ipsec > > esp/transport//require; > > policy definition > source port: 21 > destination port: 21 > > Spot the mismatch? > > Let me say the following, as I think far too much noise has been generate= d > on this thread over the last few weeks. > > This list is for the development of the *ipsec-tools* software package, > which implements Internet Key Exchange (IKE). This means that: > > (1) Any questions about Solaris IPSEC configuration are *off topic* for > this > list. Try the sun-managers list. > > (2) Any questions about manual keying are *off topic* for this list. Try > the > KAME list, or a Linux networking list. > > Whilst some general IPSEC discussion does take place here, and also it is > reasonable to ask for help debugging *key exchange* problems between > ipsec-tools and some other IKE implementation, we can't sit here all day > and > attempt to build your solution for you, especially when that solution doe= s > not involve ipsec-tools at all. I think there comes a point where you hav= e > to do your own research - sorry. > > Of course, I can't speak on behalf of any other member of this list. But > if > anyone disagrees with me, I'm more than happy for them to answer your > questions for you. I won't any more. > > Regards, > > Brian. > -- Rafiqul Ahsan 630-717-1698(h) 2120 Periwinkle Ln 630-689-1457(h) Naperville, IL 60540 847-812-6176(c) |