[vpn-help] Policy configuration

Michael Ragusa michael.ragusa at ai.net
Tue Mar 14 03:08:55 CST 2006


Matthew Grooms wrote:

> Michael Ragusa wrote:
>
>> I've just tried beta8 and had to revert back to beta2 because beta8, 
>> like beta7, does not establish a tunneled IPsec connection. Also, once 
>> the tunnels have been established I can neither ping the internal 
>> interface of the gateway.
>>
>
> Drat, there were a few bugs that needed to be addressed with respect 
> to the manual client configuration options. These have been corrected 
> and tested more thoroughly. Please re-download, re-install and re-test 
> beta 8. Let me know if you see any more problems.
>
> http://www.shrew.net/download/vpn-client-1.0-beta-8.exe
>
> Thanks for your bug report and your patience,
>
> -Matthew
>
>
>
I just tried out the new beta8 client and it was able to establish a 
tunnel, but the problem is that I'm not able to ping the internal gateway 
or telnet to any services on the gateway's internal interface, nor am I 
able to ping any machines on the inside net.

lance# Foreground mode.
2006-03-13 15:38:44: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
2006-03-13 15:38:44: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
2006-03-13 15:38:44: INFO: 205.134.160.6[4500] used as isakmp port (fd=4)
2006-03-13 15:38:44: INFO: 205.134.160.6[4500] used for NAT-T
2006-03-13 15:38:44: INFO: 205.134.160.6[500] used as isakmp port (fd=5)
2006-03-13 15:38:44: INFO: 205.134.160.6[500] used for NAT-T
2006-03-13 15:50:36: INFO: respond new phase 1 negotiation: 205.134.160.6[500]<=>205.134.160.254[500]
2006-03-13 15:50:36: INFO: begin Aggressive mode.
2006-03-13 15:50:36: INFO: received Vendor ID: CISCO-UNITY
2006-03-13 15:50:36: INFO: received Vendor ID: RFC 3947
2006-03-13 15:50:36: INFO: received broken Microsoft ID: FRAGMENTATION
2006-03-13 15:50:36: INFO: Selected NAT-T version: RFC 3947
2006-03-13 15:50:36: INFO: Adding remote and local NAT-D payloads.
2006-03-13 15:50:36: INFO: Hashing 205.134.160.254[500] with algo #1
2006-03-13 15:50:36: INFO: Hashing 205.134.160.6[500] with algo #1
2006-03-13 15:50:36: INFO: NAT not detected
2006-03-13 15:50:36: INFO: ISAKMP-SA established 205.134.160.6[500]-205.134.160.254[500] spi:03ffb2d42e92fe1a:0f59afc47249ab51
2006-03-13 15:50:37: INFO: Using port 0
2006-03-13 15:50:42: INFO: respond new phase 2 negotiation: 205.134.160.6[500]<=>205.134.160.254[500]
2006-03-13 15:50:42: INFO: Update the generated policy : 10.246.37.1/32[0] 10.246.38.0/24[0] proto=any dir=in
2006-03-13 15:50:42: INFO: IPsec-SA established: ESP/Tunnel 205.134.160.254[0]->205.134.160.6[0] spi=43706899(0x29aea13)
2006-03-13 15:50:42: INFO: IPsec-SA established: ESP/Tunnel 205.134.160.6[0]->205.134.160.254[0] spi=596724926(0x23914cbe)
2006-03-13 15:50:42: ERROR: such policy does not already exist: "10.246.37.1/32[0] 10.246.38.0/24[0] proto=any dir=in"
2006-03-13 15:50:42: ERROR: such policy does not already exist: "10.246.38.0/24[0] 10.246.37.1/32[0] proto=any dir=out"

Any ideas on what I'm doing wrong?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: logfile.txt
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20060314/deffb540/attachment-0002.txt>

