Re: Racoon to Cisco ASA 5505

2011-08-29 Thread Mike Tancsa
On 8/29/2011 7:34 AM, jh...@socket.net wrote: > Thank you for all your help!! IT WORKS!!! Great! > > One final question. If I want to clean up my racoon configuration file, > instead of using sainfo anonymous can the following be used instead? > > sainfo address 10.129.0.0/16 any address

Re: Re: Racoon to Cisco ASA 5505

2011-08-29 Thread jhall
From : Mike Tancsa To : jh...@socket.net Subject : Re: Racoon to Cisco ASA 5505 Date : Fri, 26 Aug 2011 21:37:56 -0400 > On 8/26/2011 5:09 PM, jh...@socket.net wrote: > >> Yes, post that to the list. > >> > > >

Re: Racoon to Cisco ASA 5505

2011-08-26 Thread Mike Tancsa
On 8/26/2011 5:09 PM, jh...@socket.net wrote: >> Yes, post that to the list. >> > > I am not sure if this is the entire configuration or not, but this is what > they have posted. > > > crypto ipsec security-association lifetime seconds 28800 > crypto ipsec security-association lifetime kil

Re: Re: Racoon to Cisco ASA 5505

2011-08-26 Thread jhall
> Yes, post that to the list. > I am not sure if this is the entire configuration or not, but this is what they have posted. crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map rackmap 201 match address 201

Re: Re: Racoon to Cisco ASA 5505

2011-08-26 Thread jhall
What does their policy look like ? Are they really setting up an IP-IP > tunnel on their side too ? Or just a regular ESP IPSEC tunnel. If they > are not setting up an IP-IP tunnel, then get rid of the gif interface. > I have sent them an email, and I am waiting to hear from them. I do have the co

Re: Racoon to Cisco ASA 5505

2011-08-26 Thread Mike Tancsa
On 8/26/2011 2:40 PM, jh...@socket.net wrote: > > >> IP-IP interface ? (GIF). If you are using that, then you will need very >> different policies on both sides. You should mention these little >> "details" when posting your configs. Can you p

Re: Re: Racoon to Cisco ASA 5505

2011-08-26 Thread jhall
> IP-IP interface ? (GIF). If you are using that, then you will need very > different policies on both sides. You should mention these little > "details" when posting your configs. Can you please post your FULL > configuration / topology. Othe

Re: Racoon to Cisco ASA 5505

2011-08-26 Thread Mike Tancsa
On 8/26/2011 1:42 PM, jh...@socket.net wrote: > I am seeing a couple of things that are concerning me. > > First, I am not seeing any traffic over the gif interface, except return > traffic. For example if I ping from one of my sites (e.g. > 10.129.30.0/24), I do not see any traffic on the gi

Re: Re: Racoon to Cisco ASA 5505

2011-08-26 Thread jhall
ou for all your help. If you would like the results of the capture posted, please let me know and I will post them as well. Jay From : Mike Tancsa To : jh...@socket.net Subject : Re: Racoon to Cisco ASA 5505 Date : Thu, 25 Aug 2011 14:39:12

Re: Racoon to Cisco ASA 5505

2011-08-25 Thread Mike Tancsa
On 8/25/2011 11:52 AM, jh...@socket.net wrote: >> I find wireshark helpful in these cases as it nicely decodes what >> options are being set. Your racoon conf is set to obey. It's possible >> they are proposing something different to you that you accept, whereas >> what you are proposing might not

Re: Re: Racoon to Cisco ASA 5505

2011-08-25 Thread jhall
> I find wireshark helpful in these cases as it nicely decodes what > options are being set. Your racoon conf is set to obey. It's possible > they are proposing something different to you that you accept, whereas > what you are proposing might not be acceptable > > ---Mike My vendor came b

Re: Racoon to Cisco ASA 5505

2011-08-23 Thread Mike Tancsa
On 8/23/2011 7:22 PM, jh...@socket.net wrote: > I have run into a weird situation, and I do not know if the problem lies > on my side of the connection or my vendor's. > > The tunnel comes up only after the vendor sends traffic to me. My side of > the tunnel shows up and using tcpdump, I see pa