Re: [Ipsec-tools-devel] error: multiple SAs with one destination (and a Cisco router)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

yessss, that was it: I moved from Debian sarge (kernel 2.6.8-3) to
etch (2.6.18-3) and now it is working.

Thank you all!

2006/12/11, KOVACS Krisztian <hi...@ba...>:
>
>   Hi,
>
> On Monday 11 December 2006 01:02, Eduard GV wrote:
> > Cisco sends frames with the new spi, and at the same time, sends:
> > 4.3.2.1.500 > 1.2.3.4.500: isakmp: phase 2/others ? inf[E]
> > in response to the frames the linux sends with the old spi. Afterwards
> > (and before hard
> > time expires) the router starts sending frames with the new SA and it
> > works again.
> >
> > Is there something wrong in my configuration? (I use ipsec-tools 0.6.6
> > on a 2.6.8-3 kernel)
>
>   Please upgrade your kernel. This is a known problem with older 2.6 Linux
> kernels which has been fixed about a year ago (if my memory serves me
> well).
>
> --
>  Regards,
>   Krisztian Kovacs
>