Just to let you know: I just started pinging from 192.168.111.10 (i.e. a LAN-device connected to iprb103001) towards 10.1.1.2 (device behind Juniper).
With this, the opensolaris doesn't log any ike activities and sends out the echo requests in plaintext thru the wan-interface: r...@kunde003-lan:/etc# snoop -rd iprb3000 Using device iprb3000 (promiscuous mode) 192.168.111.10 -> 10.1.1.2 ICMP Echo request (ID: 63542 Sequence number: 69) If we get the opensolaris to initiate the tunnel, I might be able to debug on the Juniper and find out, where exactly the P1-mismatch happens. BTW - I didn't find a config parameter to influence the ike-mode (main / aggressive). Where would I set this? Cheers & Thanks again, Kai tel: +49 (0)5731 1502-30 mail: [email protected] ______________ Systemhaus Krick GmbH & Co. KG (www.krick.net) Osterweg 2 32549 Bad Oeynhausen Tel.: 05731 1502-0 Fax.: 05731 1502-19 ______________ Systemhaus Krick GmbH & Co. KG, Bad Oeynhausen Geschäftsführer: Robert Krick Handelsregister des Amtsgericht Bad Oeynhausen Registernummer: HRA 2365 Krick Beteiligungs GmbH, Bad Oeynhausen Geschäftsführer: Robert Krick Handelsregister des Amtsgericht Bad Oeynhausen Registernummer: HRB 3079 _______________________________________________ security-discuss mailing list [email protected]
