Hi Mohan, Thanks for this I will have a look at your document.
Regards, Simon. -----Original Message----- From: S Mohan [mailto:[EMAIL PROTECTED] Sent: 18 September 2003 11:53 To: Simon Chalk Subject: RE: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509 I've done this using Marcus Muller's utility and it worked well. I've a doc in my devel (mohansundaram) area. Maybe that will help. Regards Mohan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Simon Chalk Sent: Thursday, September 18, 2003 3:01 PM To: Leaf-User List Subject: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509 Hi All, I am trying to setup a Bering 1.2 firewall to allow a Windows XP client to connect to an internal network attached to the Bering box. I have already successfully got a Net-Net Ipsec connection working between two Bering firewalls using pre shared keys. I am now trying to add to this setup by allowing a Windows XP client to connect. I am essentially following the configuration as described by Nate Carlson http://www.natecarlson.com/linux/ipsec-x509.php When I try to ping the Bering internal network I get the following errors on the Bering box auth.log Ignoring Vendor ID payload {MS NT5 ... Responding to Main Mode Encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA If I look on the XP Oakley log I see IKE failed to find valid machine certificate Received an unencrypted packet when crypto active As far as I am aware I have setup the certificates correctly. I think my first main question is, will this setup work. Should I be able to have both a Net-Net ipsec connection as well as a Windows XP roadwarrior connection as well. Any help will be much appreciated. I can provide further configuration details if necessary. Regards, Simon Chalk. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
