> I find Wireshark helpful in these cases as it nicely decodes what
> options are being set. Your racoon conf is set to obey. It's possible
> they are proposing something different to you that you accept, whereas
> what you are proposing might not be acceptable.
>
> ---Mike

My vendor came back to me today and stated they found a configuration error on their end. Their most recent message states the traffic I am sending to them through the IPSec tunnel is not encrypted. Following is what they sent me from the ASA.

    Crypto map tag: rackmap, seq num: 201, local addr: 184.106.120.244

      access-list 201 extended permit ip 192.168.100.0 255.255.252.0 10.129.30.0 255.255.255.0
      local ident (addr/mask/prot/port): (192.168.100.0/255.255.252.0/0/0)
      remote ident (addr/mask/prot/port): (10.129.30.0/255.255.255.0/0/0)
      current_peer: Jefferson_City

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 789, #pkts decrypt: 789, #pkts verify: 789

    Crypto map tag: rackmap, seq num: 201, local addr: 184.106.120.244

      access-list 201 extended permit ip 192.168.100.0 255.255.252.0 10.129.10.0 255.255.255.0
      local ident (addr/mask/prot/port): (192.168.100.0/255.255.252.0/0/0)
      remote ident (addr/mask/prot/port): (10.129.10.0/255.255.255.0/0/0)
      current_peer: Jefferson_City

      #pkts encaps: 112, #pkts encrypt: 112, #pkts digest: 112
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

Usually this indicates that the encryption domains on both sides of the VPN are not matched up exactly. If possible, please send us the encryption domains and nat-exemptions you currently have configured on the other side of the tunnel.

What concerns me is, if I am reading this correctly, traffic from 10.129.10.0/24 is not being encrypted and 10.129.10.40 is my end of the tunnel. 10.129.30.0/24 lies behind the 10.129.10.40 server.

Is it possible for me to check if traffic being sent over the IPSec tunnel is being encrypted? I am sorry if this is an extremely easy question, but I am really new to IPSec.

Thank you to everyone for their help.

Jay
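
The ASA counters quoted in the message above can be read mechanically. The following is an added example, not part of the original message or of any vendor tooling: a Python script that parses the two entries as quoted and reports which selector pairs counted packets in only one direction, the pattern the vendor attributes to mismatched encryption domains. The function names are hypothetical.

```python
import re
from ipaddress import ip_network

# Counters as quoted in the message above, trimmed to the lines the parser
# uses and reflowed to one item per line.
SAMPLE = """\
Crypto map tag: rackmap, seq num: 201, local addr: 184.106.120.244
  local ident (addr/mask/prot/port): (192.168.100.0/255.255.252.0/0/0)
  remote ident (addr/mask/prot/port): (10.129.30.0/255.255.255.0/0/0)
  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
  #pkts decaps: 789, #pkts decrypt: 789, #pkts verify: 789
Crypto map tag: rackmap, seq num: 201, local addr: 184.106.120.244
  local ident (addr/mask/prot/port): (192.168.100.0/255.255.252.0/0/0)
  remote ident (addr/mask/prot/port): (10.129.10.0/255.255.255.0/0/0)
  #pkts encaps: 112, #pkts encrypt: 112, #pkts digest: 112
  #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

IDENT = re.compile(r"(local|remote) ident \S+ \(([\d.]+)/([\d.]+)/\d+/\d+\)")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_sas(text):
    """Split on 'Crypto map tag:' and pull selectors and packet counters."""
    sas = []
    for block in re.split(r"(?=Crypto map tag:)", text):
        idents = {side: ip_network(f"{addr}/{mask}")
                  for side, addr, mask in IDENT.findall(block)}
        counts = {name: int(n) for name, n in COUNT.findall(block)}
        if len(idents) == 2 and len(counts) == 2:  # skip incomplete blocks
            sas.append({**idents, **counts})
    return sas

def one_way(sas):
    """Return (selector pair, direction) for entries counting one way only."""
    flagged = []
    for sa in sas:
        pair = f"{sa['local']} <-> {sa['remote']}"
        if sa["encaps"] == 0 and sa["decaps"] > 0:
            flagged.append((pair, "inbound only"))
        elif sa["decaps"] == 0 and sa["encaps"] > 0:
            flagged.append((pair, "outbound only"))
    return flagged

if __name__ == "__main__":
    for pair, direction in one_way(parse_sas(SAMPLE)):
        print(f"{pair}: {direction} (as counted on the ASA)")
```

Directions are from the ASA's point of view: decaps are ESP packets it received and decrypted, encaps are packets it encrypted and sent.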