Hi everybody,
I have been trying for a few days to set up a roadwarrior connection over IPSec with ASL V5, ASC v8.12 Build 24 and X.509 certificates.
I created a CA and a client certificate and configured ASC, but can't connect to the gateway.
What's wrong?
Astaro Log says:
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:4500: Informational Exchange is for an unknown (expired?) SA
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:4500: Informational Exchange is for an unknown (expired?) SA
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:500: ignoring Vendor ID payload [XAUTH]
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:500: received Vendor ID payload [Dead Peer Detection]
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:500: ignoring Vendor ID payload [101fb0b35c5a4f4c...]
2005:01:11-20:43:36 (none) pluto[29298]: packet from 84.57.33.182:500: ignoring Vendor ID payload [Cisco-Unity]
2005:01:11-20:43:36 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: responding to Main Mode from unknown peer 84.57.33.182
2005:01:11-20:43:36 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: transition from state (null) to state STATE_MAIN_R1
2005:01:11-20:43:36 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
2005:01:11-20:43:36 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=XX, ST=XXX, L=XXX, O=XXX, OU=XX, CN=XXX, E=XXX'
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: Issuer CRL not found
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: Issuer CRL not found
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
2005:01:11-20:43:37 (none) pluto[29298]: | NAT-T: new mapping 84.57.33.182:500/4500)
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500 #12: sent MR3, ISAKMP SA established
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500 #12: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===217.83.21.196:4500[C=YY, ST=YYY, L=YYY, O=YYY, OU=YY, CN=YYY, E=YYY]...84.57.33.182:4500[C=XX, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX, E=XXX]===192.168.100.1/32
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500 #12: sending encrypted notification INVALID_ID_INFORMATION to 84.57.33.182:4500
2005:01:11-20:43:49 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500 #12: received Delete SA payload: deleting ISAKMP State #12
2005:01:11-20:43:49 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500: deleting connection "D_Roadwarriors_0" instance with peer 84.57.33.182
2005:01:11-20:43:49 (none) pluto[29298]: packet from 84.57.33.182:4500: received and ignored informational message
Any suggestions?
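Added example, not part of the original post: a small Python parser for the pluto log format above that reports how far IKE Main Mode got and splits the "no connection is known for" line into the local and peer subnets and endpoints that the gateway could not match. The function name `diagnose` and the sample lines (abridged from the log above, with the DNs shortened) are assumptions of this example.

```python
import re

# Sample lines abridged from the log in the post (DNs shortened for the example).
SAMPLE = """\
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182 #12: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500 #12: sent MR3, ISAKMP SA established
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500 #12: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===217.83.21.196:4500[CN=YYY]...84.57.33.182:4500[CN=XXX]===192.168.100.1/32
2005:01:11-20:43:37 (none) pluto[29298]: "D_Roadwarriors_0"[2] 84.57.33.182:4500 #12: sending encrypted notification INVALID_ID_INFORMATION to 84.57.33.182:4500
"""

# "<timestamp> <host> pluto[<pid>]: <message>"
LINE = re.compile(r"^(?P<ts>\S+) \S+ pluto\[\d+\]: (?P<msg>.*)$")
STATE = re.compile(r"transition from state .+? to state (\S+)")
NOTIFY = re.compile(r"sending encrypted notification (\S+)")
# local_net===local_endpoint[local_id]...peer_endpoint[peer_id]===peer_net
NO_CONN = re.compile(
    r"no connection is known for "
    r"(?P<local_net>[^=]+)===(?P<local_ep>[^\[]+)\[(?P<local_id>[^\]]*)\]"
    r"\.\.\."
    r"(?P<peer_ep>[^\[]+)\[(?P<peer_id>[^\]]*)\]===(?P<peer_net>\S+)"
)

def diagnose(log_text):
    """Summarise one pluto negotiation: Main Mode progress and any rejected proposal."""
    result = {"states": [], "phase1_established": False,
              "rejected_proposal": None, "notification": None}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a pluto line
        msg = line.group("msg")
        if (m := STATE.search(msg)):
            result["states"].append(m.group(1))
        if "ISAKMP SA established" in msg:
            result["phase1_established"] = True
        if (m := NO_CONN.search(msg)):
            result["rejected_proposal"] = m.groupdict()
        if (m := NOTIFY.search(msg)):
            result["notification"] = m.group(1)
    return result

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```
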