The configuration is as follows:
(1) Local computer 192.168.254.X running on local network, running Red Hat
Enterprise Linux.
(2) NAT router connected to cable-modem outbound. Local address
192.168.254.254, public address 66.111.111.111 (say...)
(3) SonicWall router public on Internet 66.222.222.222 (say...) connected to
target network.
(4) Target machine is 192.160.30.X on target network.
Relevant entries in /etc/sysconfig/network-scripts config-file are:
IKE_METHOD=PSK
DST=66.222.222.222 (public address of SonicWall)
DSTNET=192.168.30.0/24
SRCNET=192.168.254.0/24
(correct shared-key string is elsewhere)
An "ip route to" statement in /etc/sysconfig/network-scripts/ifup-ipsec had
to be nopped-out to avoid runtime errors ("network is not accessible").
What happens with Racoon (ipSec-tools 0.2.3) is:
"1 times of 244 bytes will be sent to..." (?!) 192.168.254.X (?!)
... plogdump of 244-byte message
"92 bytes message received from 66.222.222.222[500]"
"ignore message because message has no hash payload"
(above message repeated 3 times)
... and it quits.
At /one/ time in the past I received "hash incorrect" messages. I have not
gotten them lately and, of course, I do not know what I did differently.
But, at some time in the past, there was some hash-info coming in.
The configuration-file entry is:
remote 66.222.222.222 {
    exchange_mode aggressive, main;
    my_identifier address;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
User at end-point site claims that no negotiation-failed messages have been
received on his end; but he's an affirmed Windows-head anyway. :-/ I find
it hard to believe because 92 bytes of information are certainly coming
from someone somewhere.
I am DESPERATE for help!
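Added example, not part of the original post: one way to see what a received message such as the 92-byte one carries is to decode its ISAKMP header (RFC 2408) and walk the payload chain, checking whether a HASH payload is present. It assumes the raw UDP payload is available from a packet capture or debug dump; the sample bytes are constructed for illustration and are not the poster's packet.

```python
import struct

# Payload and exchange type numbers from RFC 2408 / RFC 2409.
PAYLOADS = {0: "NONE", 1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT",
            7: "CR", 8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGES = {1: "Base", 2: "Main (Identity Protection)", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational", 32: "Quick Mode"}

def parse_isakmp(data):
    """Decode the 28-byte ISAKMP header and walk the cleartext payload chain."""
    if len(data) < 28:
        raise ValueError("shorter than an ISAKMP header")
    _ic, _rc, nxt, _ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    if length != len(data):
        raise ValueError("header length %d != datagram length %d" % (length, len(data)))
    info = {"exchange": EXCHANGES.get(xchg, str(xchg)), "message_id": msgid,
            "encrypted": bool(flags & 0x01), "payloads": [],
            "notify_type": None, "has_hash": False}
    if info["encrypted"]:
        return info  # payloads are ciphertext and cannot be walked
    off = 28
    while nxt != 0:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        following, _reserved, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):
            raise ValueError("bad payload length")
        info["payloads"].append(PAYLOADS.get(nxt, str(nxt)))
        if nxt == 11 and plen >= 12:  # Notification: DOI(4) proto(1) spi_size(1) type(2)
            info["notify_type"] = struct.unpack("!H", data[off + 10:off + 12])[0]
        nxt, off = following, off + plen
    info["has_hash"] = "HASH" in info["payloads"]
    return info

# Constructed sample: unencrypted Informational exchange carrying one
# Notification payload of type 14 (NO-PROPOSAL-CHOSEN), with no HASH payload.
_IC, _RC = bytes.fromhex("1122334455667788"), bytes(8)
SAMPLE = (struct.pack("!8s8sBBBBII", _IC, _RC, 11, 0x10, 5, 0, 0x1234, 56)
          + struct.pack("!BBHIBBH", 0, 0, 28, 1, 1, 16, 14)
          + _IC + _RC)

if __name__ == "__main__":
    print(parse_isakmp(SAMPLE))
```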