From: Peter E. <pe...@bo...> - 2008-07-24 18:59:08
|
I have a peer (ASA 5540 with 802 code) who can't initiate to me, nor I to him with 0.7.x. INFO: respond new phase 1 negotiation: mine[500]<=>them[500] INFO: begin Identity Protection mode. INFO: received broken Microsoft ID: FRAGMENTATION ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#2) = SHA:MD5 ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:AES-CBC ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 3DES-CBC:AES-CBC INFO: request for establishing IPsec-SA was queued due to no phase1 found. INFO: received broken Microsoft ID: FRAGMENTATION ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#2) = SHA:MD5 ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:AES-CBC ERROR: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 3DES-CBC:AES-CBC The config is for main, 3des, sha1, dh/pfs group 2 on both ends for both phase 1 and phase 2. Running 0.6.7 the peer pops right up and with 0.7.1 (as well as 0.7) it won't establish phase 1. It keeps logging lines like above. Hints, tricks, ideas? peter |