Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 1 subscriber
  • Views 393 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Roaming IPSEC connection "breaks" Win2k3 IPSEC

Smeagol
Ok, this is proving to be a pain in the bum. I have a connection agreement for roaming users from anywhere to establish an IPSEC connection to Astaro. I also have 2 specific agreements for 2 remote sites. The one going to IPCOP works fine and can reestablish with no problem, this also worked with Solwise ADSL VPN Router. However Windows 2003 with IPSEC policy will only work when I have "Disabled" the roaming agreement. The following is from my syslog and shows the problem. How come Astaro responds to the W2k3 box as if it was roaming even though there is a specific agreement in place!? "olympia" is the name of the connection that specifically defines the w2k3 site.

2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: packet from 81.x.x.x:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: packet from 81.x.x.x:500: ignoring Vendor ID payload [4048b7d56ebce885...]
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: packet from 81.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: packet from 81.x.x.x:500: ignoring Vendor ID payload [26244d38eddb61b3...]
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: "Roaming_1"[17] 81.x.x.x #108: responding to Main Mode from unknown peer 81.x.x.x
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: "Roaming_1"[17] 81.x.x.x #108: policy does not allow OAKLEY_RSA_SIG authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD
2003-10-05 08:53:12 System0.Warning 192.168.100.1 last message repeated 3 times
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: "Roaming_1"[17] 81.x.x.x #108: no acceptable Oakley Transform
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: "Roaming_1"[17] 81.x.x.x #108: sending notification NO_PROPOSAL_CHOSEN to 81.x.x.x:500
2003-10-05 08:53:12 System0.Warning 192.168.100.1 pluto[1182]: "Roaming_1"[17] 81.x.x.x: deleting connection "Roaming_1" instance with peer 81.x.x.x
2003-10-05 08:53:27 System0.Warning 192.168.100.1 pluto[1182]: "olympia_1" #102: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2003-10-05 08:53:27 System0.Warning 192.168.100.1 pluto[1182]: "olympia_1" #102: starting keying attempt 16 of an unlimited number
2003-10-05 08:53:27 System0.Warning 192.168.100.1 pluto[1182]: "olympia_1" #109: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL to replace #102    


This thread was automatically locked due to age.
Cookie Information Banner