On Tue, 2004-07-13 at 19:11, Tibbs, Richard wrote:
> Hello list..
> 
Hi Richard,



> The hardware setup is simple: 
> win2000 machine --- ethswitch ----- fw --- internal subnet
>               ^                   ^    ^
>    137.45.192.86      137.45.192.69   192.168.10.254 

Your Shorewall seems not to be the problem. The ipsec.conf looks good to
me, too.

> Jul 13 11:58:08 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: responding to Main Mode from unknown peer 137.45.192.86
> Jul 13 11:58:08 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: Main mode peer ID is ID_IPV4_ADDR: '137.45.192.86'
> Jul 13 11:58:08 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: sent MR3, ISAKMP SA established

This means that the connection for key exchange was successfully
established.

> Jul 13 11:58:08 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===137.45.192.69...137.45.192.86

^ This seems to be your problem! The win client asks for a connection
that is not specified on the Bering side, so I assume your Windows
config is wrong. The thing above should look like:
192.168.10.0/24==137.45.192.69...137.45.192.86 (which is %any)


> Jul 13 11:58:08 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: sending encrypted notification INVALID_ID_INFORMATION to 137.45.192.86:500
> Jul 13 11:58:09 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x

The following messages are only caused by the one above...
So it seems that you have a FreeSwan (Configuration) problem.

Can you provide more about your win side configuration?

--arne
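
The check described in the reply above, as an added example that is not part of the original message and is not LEAF or FreeS/WAN code: it scans pluto log lines for the "no connection is known for" refusal and compares the local subnet the peer proposed with the one the gateway is assumed to offer (192.168.10.0/24, taken from the diagram). The function names and the IPv4-only selector parsing are assumptions.

```python
import ipaddress
import re

# Constructed sample: two of the pluto lines quoted in the thread, one per line.
SAMPLE_LOG = '''\
Jul 13 11:58:08 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: sent MR3, ISAKMP SA established
Jul 13 11:58:08 firewall pluto[29061]: "road-warrior"[1] 137.45.192.86 #1: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===137.45.192.69...137.45.192.86
'''

# Assumption: the subnet behind the gateway, from the diagram in the thread.
EXPECTED_LOCAL = ipaddress.ip_network("192.168.10.0/24")

NO_CONN = re.compile(
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: cannot respond to IPsec SA '
    r'request because no connection is known for (?P<sel>\S+)')

def split_selector(sel):
    """Parse 'net===host...host===net' (IPv4 only); a side without '===' is
    host-only, so its network is the host address as a /32."""
    left, right = sel.split("...", 1)
    lnet, _, lhost = left.rpartition("===")
    rhost, _, rnet = right.partition("===")
    # Drop any '[id]' or ':proto/port' suffix that pluto appends to a host.
    lhost = re.split(r"[\[:]", lhost, maxsplit=1)[0]
    rhost = re.split(r"[\[:]", rhost, maxsplit=1)[0]
    return (ipaddress.ip_network(lnet or lhost), lhost,
            rhost, ipaddress.ip_network(rnet or rhost))

def diagnose(log_text, expected_local=EXPECTED_LOCAL):
    """Return one finding per refused Quick Mode proposal in the log."""
    findings = []
    for line in log_text.splitlines():
        m = NO_CONN.search(line)
        if not m:
            continue
        lnet, lhost, rhost, rnet = split_selector(m["sel"])
        if lnet == expected_local:
            verdict = "local subnet matches; compare the remote side and peer ID"
        elif lnet.supernet_of(expected_local):
            verdict = "peer proposed a wider local subnet than the gateway offers"
        else:
            verdict = "peer proposed a local subnet the gateway does not offer"
        findings.append({"conn": m["conn"], "peer": m["peer"],
                         "proposed_local": str(lnet), "gateway": lhost,
                         "proposed_remote": str(rnet), "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f)
```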






------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
