Sep 3 15:05:16 obsd1 isakmpd[25239]: dropped message from 172.26.10.83 port 500 due to notification type NO_PROPOSAL_CHOSEN
Sep 3 15:05:16 obsd1 isakmpd[25239]: responder_recv_HASH_SA_NONCE: KEY_EXCH payload without a group desc. attribute
Sep 3 15:05:16 obsd1 isakmpd[25239]: dropped message from 172.26.10.83 port 500 due to notification type NO_PROPOSAL_CHOSEN
Sep 3 15:05:16 obsd1 isakmpd[25239]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id ac1a0a53: 172.26.10.83, responder id 0a000080/ffffff80: 10.0.0.128/255.255.255.128

Same thing: btw, ISA Server 2006 gives me this:

------ LOCAL --------
Local Tunnel Endpoint: 172.26.10.83
Remote Tunnel Endpoint: 172.26.10.82

To allow HTTP proxy or NAT traffic to the remote site,
the remote site configuration must contain the local
site tunnel end-point IP address.

IKE Phase I Parameters:
    Mode: Main mode
    Encryption: 3DES
    Integrity: SHA1
    Diffie-Hellman group: Group 2 (1024 bit)
    Authentication Method: Pre-shared secret (teste)
    Security Association Lifetime: 28800 seconds

IKE Phase II Parameters:
    Mode: ESP tunnel mode
    Encryption: 3DES
    Integrity: SHA1
    Perfect Forward Secrecy: ON
    Diffie-Hellman group: Group 2 (1024 bit)
    Time Rekeying: ON
    Security Association Lifetime: 3600 seconds
    Kbyte Rekeying: OFF

Remote Network 'OBSD1' IP Subnets:
    Subnet: 10.0.0.1/255.255.255.255
    Subnet: 10.0.0.2/255.255.255.254
    Subnet: 10.0.0.4/255.255.255.252
    Subnet: 10.0.0.8/255.255.255.248
    Subnet: 10.0.0.16/255.255.255.240
    Subnet: 10.0.0.32/255.255.255.224
    Subnet: 10.0.0.64/255.255.255.192
    Subnet: 10.0.0.128/255.255.255.128

Local Network 'Internal' IP Subnets:
    Subnet: 10.0.1.0/255.255.255.0

Routable Local IP Addresses:
    Subnet: 10.0.1.0/255.255.255.0

------ REMOTE ------
Local Tunnel Endpoint: 172.26.10.82
Remote Tunnel Endpoint: 172.26.10.83

IKE Phase I Parameters:
    Mode: Main mode
    Encryption: 3DES
    Integrity: SHA1
    Diffie-Hellman group: Group 2 (1024 bit)
    Authentication Method: Pre-shared secret (teste)
    Security Association Lifetime: 28800 seconds

IKE Phase II Parameters:
    Mode: ESP tunnel mode
    Encryption: 3DES
    Integrity: SHA1
    Perfect Forward Secrecy: ON
    Diffie-Hellman group: Group 2 (1024 bit)
    Time Rekeying: ON
    Security Association Lifetime: 3600 seconds
    Kbyte Rekeying: OFF

Site-to-Site Network IP Subnets:
    Subnet: 10.0.1.0/255.255.255.0

I've defined only the Class C of 10.0.0.1 to 10.0.0.255 and there's a lot of subnets! Maybe that's the issue?

On 9/3/07, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 03, 2007 at 02:45:46PM +0100, José Costa wrote:
> > 3des, sha1, PFS disabled.
>
> ok, then enable pfs, use modp1024
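
Added example, not part of the original thread and not code from isakmpd or ISA Server: it decodes the hex phase 2 IDs from the log line above and shows that the address range 10.0.0.1 to 10.0.0.255 breaks down into exactly the eight subnets ISA Server lists. The function names are hypothetical, and the `10.0.0.0/24` used for comparison is an assumption, since the post does not show the isakmpd configuration.

```python
import ipaddress
import re

# Constructed sample: the "invalid phase 2 IDs" line from the log in this post.
LOG = ("responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: "
       "initiator id ac1a0a53: 172.26.10.83, "
       "responder id 0a000080/ffffff80: 10.0.0.128/255.255.255.128")

# The log line shows each ID as a hex address, optionally followed by /hex netmask.
ID_RE = re.compile(r"(initiator|responder) id ([0-9a-f]{8})(?:/([0-9a-f]{8}))?")


def decode_phase2_ids(line):
    """Decode the hex phase 2 IDs in a log line into IPv4Network objects."""
    ids = {}
    for role, addr_hex, mask_hex in ID_RE.findall(line):
        addr = ipaddress.IPv4Address(int(addr_hex, 16))
        # An ID without a mask is a single host, i.e. a /32.
        mask = ipaddress.IPv4Address(int(mask_hex or "ffffffff", 16))
        ids[role] = ipaddress.IPv4Network(f"{addr}/{mask}")
    return ids


def range_to_subnets(first, last):
    """Smallest list of CIDR blocks that covers first..last exactly."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]


def classify(proposed, configured):
    """Compare a proposed ID with a locally configured network (assumed value)."""
    configured = ipaddress.ip_network(configured)
    if proposed == configured:
        return "identical"
    if proposed.subnet_of(configured):
        return "inside, but not identical"
    return "outside"


if __name__ == "__main__":
    ids = decode_phase2_ids(LOG)
    print("proposed:", ids)
    print("10.0.0.1-10.0.0.255 ->", range_to_subnets("10.0.0.1", "10.0.0.255"))
    # Assumption: the OpenBSD side describes its network as one /24.
    print("vs 10.0.0.0/24:", classify(ids["responder"], "10.0.0.0/24"))
```

The decoded responder ID, 10.0.0.128/25, is the last of the eight blocks produced from the range, which matches the subnet list in the ISA Server summary.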