On Wed, Nov 30, 2005 at 03:58:07PM +0100, martin wrote:
...
> [Phase 1]
> 10.10.10.9= ISAKMP-peer-ignition
>
> [Phase 2]
> Connections= IPsec-ignition-soekris

this should be a passive connection. Otherwise isakmpd will try to keep
this connection up and when this fails it gets logged. This should also
happen on 3.7, btw.

>
> [ISAKMP-peer-ignition]
> Phase= 1
> Transport= udp
> Local-Address= 10.10.10.10
> Address= 10.10.10.9
> Configuration= Default-main-mode
> Authentication= 2secret2btrue
>
> [IPsec-ignition-soekris]
> Phase= 2
> ISAKMP-peer= ISAKMP-peer-ignition
> Configuration= Default-quick-mode
> Local-ID= Addr-fjuttsi
> Remote-ID= Addr-laptop
>
> [Addr-laptop]
> ID-type= IPV4_ADDR
> Address= 10.10.10.9
>
> [Addr-fjuttsi]
> ID-type= IPV4_ADDR
> Address= 10.10.10.10
>
> [Default-main-mode]
> DOI= IPSEC
> EXCHANGE_TYPE= ID_PROT
> Transforms= 3DES-SHA
>
> [Default-quick-mode]
> DOI= IPSEC
> EXCHANGE_TYPE= QUICK_MODE
> Suites= QM-ESP-3DES-SHA-SUITE
>
>
> ...isakmpd.policy...
>
> KeyNote-Version: 2
> Comment: This policy accepts ESP SAs from a remote that uses the right
> password
> Authorizer: "POLICY"
> Licensees: "passphrase:2secret2btrue"
> Conditions: app_domain == "IPsec policy" &&
> esp_present == "yes" &&
> esp_enc_alg == "3des" &&
> esp_auth_alg == "hmac-sha" -> "true";
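
The active/passive distinction the reply draws, as an added example that is not part of the original message or of isakmpd: a small audit script that reports which Phase 2 connections isakmpd will initiate itself and which it only accepts. It assumes the `Passive-Connections` tag from isakmpd.conf(5) is the intended fix; `parse_conf` and `classify` are hypothetical helper names, and the sample is a subset of the quoted configuration.

```python
import re

# Subset of the configuration quoted in the message (blank lines removed).
POSTED = """\
[Phase 1]
10.10.10.9= ISAKMP-peer-ignition
[Phase 2]
Connections= IPsec-ignition-soekris
[ISAKMP-peer-ignition]
Phase= 1
Address= 10.10.10.9
[IPsec-ignition-soekris]
Phase= 2
ISAKMP-peer= ISAKMP-peer-ignition
"""

# Assumed fix: list the connection under Passive-Connections instead,
# so isakmpd waits for the peer rather than trying to keep the SA up.
FIXED = POSTED.replace("Connections=", "Passive-Connections=", 1)

def parse_conf(text):
    """Return {section: {tag: value}} for an isakmpd.conf-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or whole-line comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip(), {})
        elif "=" in line and current is not None:
            tag, value = line.split("=", 1)
            current[tag.strip()] = value.strip()
    return sections

def classify(text):
    """Map each Phase 2 connection name to (mode, peer address)."""
    conf = parse_conf(text)
    phase2 = conf.get("Phase 2", {})
    result = {}
    for tag, mode in (("Connections", "active"), ("Passive-Connections", "passive")):
        for name in (n.strip() for n in phase2.get(tag, "").split(",")):
            if not name:
                continue
            peer = conf.get(name, {}).get("ISAKMP-peer")
            result[name] = (mode, conf.get(peer, {}).get("Address"))
    return result

if __name__ == "__main__":
    print("posted:", classify(POSTED), "fixed:", classify(FIXED))
```

Connections reported as `active` are the ones whose failed negotiation attempts end up in the log when the peer is unreachable.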