Thanks Brian, I understand. Also your solution was helpful. I will try not to place any issues that are not related to ipsec-tool package.
Sorry for the inconvenience, and thank you so much for your help.
On 2/23/06, Brian Candler <B.Candler@pobox.com> wrote:
Well, I'm getting a bit tired of this now. This will be my last reply.
> ftp using tcpdump, I dont see any encryption( I am expecting ftp
> packet to be encrypted here since I am using port 21)..instead, I see
> just like a regular ftp packet as follows :
> IP 10.19.171.18.ftp > 10.19.171.30.32806: P 1:32(31) ack 1 win 49232
source port: 21
destination port: 32806
> spdadd 10.19.171.30 10.19.171.18 any -P out ipsec
> spdadd 10.19.171.18 10.19.171.30 any -P in ipsec
source port: 21
destination port: 21
Spot the mismatch?
Let me say the following, as I think far too much noise has been generated
on this thread over the last few weeks.
This list is for the development of the *ipsec-tools* software package,
which implements Internet Key Exchange (IKE). This means that:
(1) Any questions about Solaris IPSEC configuration are *off topic* for this
list. Try the sun-managers list.
(2) Any questions about manual keying are *off topic* for this list. Try the
KAME list, or a Linux networking list.
Whilst some general IPSEC discussion does take place here, and also it is
reasonable to ask for help debugging *key exchange* problems between
ipsec-tools and some other IKE implementation, we can't sit here all day and
attempt to build your solution for you, especially when that solution does
not involve ipsec-tools at all. I think there comes a point where you have
to do your own research - sorry.
Of course, I can't speak on behalf of any other member of this list. But if
anyone disagrees with me, I'm more than happy for them to answer your
questions for you. I won't any more.
Rafiqul Ahsan 630-717-1698(h)
2120 Periwinkle Ln 630-689-1457(h)
Naperville, IL 60540 847-812-6176(c)