Re: [Ipsec-tools-devel] error: multiple SAs with one destination (and a Cisco router)
Brought to you by:
mit_warlord,
netbsd
From: KOVACS K. <hi...@ba...> - 2006-12-11 11:13:00
|
Hi, On Monday 11 December 2006 01:02, Eduard GV wrote: > Cisco sends frames with the new spi, and at the same time, sends: > 4.3.2.1.500 > 1.2.3.4.500: isakmp: phase 2/others ? inf[E] > in response to the frames the linux sends with the old spi. Afterwards > (and before hard > time expires) the router starts sending frames with the new SA and it > works again. > > Is there something wrong in my configuration? (I use ipsec-tools 0.6.6 > on a 2.6.8-3 kernel) Please upgrade your kernel. This is a known problem with older 2.6 Linux kernels which has been fixed about a year ago (if my memory serves me well). -- Regards, Krisztian Kovacs |