From: Tore A. <to...@li...> - 2007-05-31 10:21:47
* VANHULLEBUS Yvan

> "unknown informational exchange" means racoon didn't find the PH1
> handler (so the IsakmpSA) used to protect the informational
> message....
>
> So there is no way to dump an unencrypted version of something
> crypted with a key we don't have !!!!!

Yes, I've just realised this. First I thought the message meant that racoon received a notify message of an unknown type, but that was very wrong.

The problem, it seems, was due to the Nortel defaulting to having a (possibly) infinite lifetime for the ISAKMP SA while racoon expired it after eight hours. I've just posted a (hopefully) better analysis, I'd appreciate it if you took a look at it.

Apologies for the noise about this non-bug.

--
Tore Anderson