This thread is for the Linksys VPN Router..it supports IKE and 3DES.
I've got one [:)]
I can't make it work [:(]
Left Side
External IP 217.x.x.x
Internal Subnet 192.168.10.0
Right Side
External IP 24.x.x.x
Internal Subnet 192.168.111.0
I can get it to negotiate the first SA, with a rekey time of 3600s. VPN tunnel comes up perfectly, no problems.
An hour later, the tunnel disconnects.
Astaro Log:
000 interface ipsec0/eth0 192.168.10.1
000 interface ipsec1/eth1 217.x.x.x
000 interface ipsec2/eth2 192.168.50.1
000
000 "To_Cartman_-_PSK_1": 192.168.10.0/24===217.x.x.x---216.185.84.69...
000 "To_Cartman_-_PSK_1": ...24.x.x.x===192.168.111.0/24
000 "To_Cartman_-_PSK_1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "To_Cartman_-_PSK_1": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1; erouted
000 "To_Cartman_-_PSK_1": newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000
000 #2: "To_Cartman_-_PSK_1" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27954s; newest IPSEC; eroute owner
000 #2: "To_Cartman_-_PSK_1" esp.39d0fc61@24.x.x.x esp.422d89fa@217.x.x.x tun.1002@24.x.x.x tun.1001@217.x.x.x
000 #1: "To_Cartman_-_PSK_1" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2485s; newest ISAKMP
---
So, in the Linksys Router, in the advanced settings:
Phase 1
Operation Mode: Main Mode is Selected
Proposal 1:
Encryption: 3DES
Authentication MD5
Group 1024bit
Key Lifetime: 3600s
Phase 2
Proposal
Encryption: 3DES
Authentication MD5
Group 1024bit
Key Lifetime: 28800s
For Other Options:
Netbios Broadcast: No
Anti-Replay: Yes
Keep Alive: No (I assume, perhaps incorrectly that this is for DSL use..keep alive packets.. maybe it's for the vpn.. who knows?)
If IKE Failed more than 5 times, block this ip for 60seconds: No
If I find anything else, I'll let you know!
Faz-Mat-Az
This thread was automatically locked due to age.