From: Paul W. <Pau...@ta...> - 2007-06-14 14:47:49
|
Gabriel Somlo wrote: > On 6/14/07, Paul Winder <Pau...@ta...> wrote: > >> After phase1 do you get a message like: >> INFO: ISAKMP-SA established src-ip[port]-dest-ip[port] spi:... > > > Yes: > > 2007-06-14 10:14:49: INFO: ISAKMP-SA established > 192.168.123.234[500]-192.168.5.220[500] > spi:674c477fbb657890:bb9ad2116e1095e9 > >> and what does setkey -PD show after phase 1? > > You should have two entries like (well I do): 0.0.0.0/0[any] 192.168.65.52[any] any in prio def ipsec esp/tunnel/10.1.1.1-10.2.2.2/require created: Jun 14 15:38:58 2007 lastused: Jun 14 15:41:06 2007 lifetime: 0(s) validtime: 0(s) spid=640 seq=1 pid=14812 refcnt=8 192.168.65.52[any] 0.0.0.0/0[any] any out prio def ipsec esp/tunnel/10.2.2.2-10.1.1.1/require created: Jun 14 15:38:58 2007 lastused: Jun 14 15:41:06 2007 lifetime: 0(s) validtime: 0(s) spid=633 seq=2 pid=14812 refcnt=9 Maybe something is going wrong with the setkeys to create the spd entries.... |