* Erich <[EMAIL PROTECTED]> [2008-02-28 14:06]: > do i have to restart bgpd in order to get "ipsec esp ike" for a > session / nei working or is a reload and nei up/down enough?
config reload and clearing the affected neighbor session is enough. I have done that in testing many times successfully. > i got > > Oct 20 13:21:23 router-mt-1 isakmpd[13070]: dropped message from > xx.xx.xx.xx port 500 due to notification type NO_PROPOSAL_CHOSEN > > and > > responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator > id 59caa34e: xxx.xxx.xxx.xxx, responder id 50be811a: xx.xx.xxx.xxx > > isakmpd is running with -Ka like suggested in man bgpd.conf and keys have > been copied to each side. now that is a problem for the isakmpd masochists ;) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam