I checked over the settings and it all looks good. Well, to me it does. This was a move to a new machine using a backup from my previous ASL box. Now, when I try and connect, I receive the following messages.
The server-side is from when it almost worked. However, now I get a message on the client side and it doesn't even communicate with the ASL box anymore.
Server-side:
Code:
2006:01:18-17:00:16 (none) pluto[6028]: packet from 192.168.0.15:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2006:01:18-17:00:16 (none) pluto[6028]: packet from 192.168.0.15:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
2006:01:18-17:00:16 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: responding to Main Mode from unknown peer 192.168.0.15
2006:01:18-17:00:16 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2006:01:18-17:00:16 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: STATE_MAIN_R1: sent MR1, expecting MI2
2006:01:18-17:00:18 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: ignoring unknown Vendor ID payload [47bbe7c993f1fc13b4e6d0db565c68e501020101020101031031302e332e3520...]
2006:01:18-17:00:18 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: ignoring unknown Vendor ID payload [da8e937880010000]
2006:01:18-17:00:18 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: received Vendor ID payload [Dead Peer Detection]
2006:01:18-17:00:18 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: received Vendor ID payload [XAUTH]
2006:01:18-17:00:18 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
2006:01:18-17:00:18 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2006:01:18-17:00:18 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: STATE_MAIN_R2: sent MR2, expecting MI3
2006:01:18-17:01:13 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #12: max number of retransmissions (2) reached STATE_MAIN_R2
2006:01:18-17:01:28 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15 #13: max number of retransmissions (2) reached STATE_MAIN_R2
2006:01:18-17:01:28 (none) pluto[6028]: "D_rw-cfn-emp_2"[4] 192.168.0.15: deleting connection "D_rw-cfn-emp_2" instance with peer 192.168.0.15 {isakmp=#0/ipsec=#0}
Client-side:
Code:
1-19: 11:30:39.395 My Connections\CFN01 - Initiating IKE Phase 1 (IP ADDR=X.X.56.178)
1-19: 11:30:39.426 My Connections\CFN01 - Personal Certificate is not available
1-19: 11:30:39.426 My Connections\CFN01 - Initiation unsuccessful.
1-19: 11:30:39.436 My Connections\CFN01 - Error initiating manual connection.
I'm not sure what it means by "Personal Certificate is not available". I can verify the cert on the client and I even redownloaded the cert from the ASLv6 box and re-imported it into the client.
I dropped this box onto our external subnet along with the ASLv5 box with a different IP. I regenerated the local key since I used the IP as the identifier and ASLv6 now uses that key.
I'm a little stumped. Should I start from scratch or do you see something wrong here?