I have had a tunnel up and working for a few weeks (I have an LSys rv042 on 1 end of the tunnel), and 2 days ago I started getting similar messages. I was briefly viewing the logs last night, and it seems to me that the AH (of IPsec) failed due to some mismatch in the hash key. But I'd need to re-examine the logs to verify. My log was filled with these messages almost the whole day yesterday. And during that time, the tunnel was pretty much down; the rv042 wasn't reachable via the tunnel.

- PV

On 9/2/09, luismi <asturlui...@gmail.com> wrote:
> Yes I know that link and I checked my config and it seems to be ok.
>
> The cisco side is:
>
> crypto isakmp policy 10
> encr 3des
> authentication pre-share
> group 2
> lifetime 3600
> crypto isakmp key xxxxxxxx address 11.22.33.44 no-xauth
> crypto isakmp invalid-spi-recovery
> crypto isakmp keepalive 10
> !
> !
> crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
> !
> crypto map PFSVPN 15 ipsec-isakmp
> description VPN IPSEC contra PFSense FW1
> set peer 11.22.33.44
> set security-association lifetime seconds 28800
> set transform-set 3DES-SHA
> set pfs group2
> match address 100
>
> and in the pfsense side...
> under Phase 1 proposal (Authentication) I have 28800 seconds as lifetime
> under Phase 2 proposal (SA/Key Exchange) I have 3600 seconds as lifetime
>
> I don't see clearly if those values are correctly located against my cisco
> configuration.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org

--
Sent from my mobile device
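
The comparison asked about in the quoted message, as an added example that is not part of the original thread: in IOS, `lifetime` under `crypto isakmp policy` is the Phase 1 (IKE SA) lifetime, and `set security-association lifetime seconds` under the crypto map is the Phase 2 (IPsec SA) lifetime. The function names are hypothetical; the config and the pfSense values are the ones quoted above.

```python
import re

# Cisco side, copied from the quoted message (key and peer as redacted there).
CISCO_CONFIG = """\
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key xxxxxxxx address 11.22.33.44 no-xauth
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto map PFSVPN 15 ipsec-isakmp
description VPN IPSEC contra PFSense FW1
set peer 11.22.33.44
set security-association lifetime seconds 28800
set transform-set 3DES-SHA
set pfs group2
match address 100
"""

PFSENSE = {"phase1": 28800, "phase2": 3600}  # pfSense side, as stated in the message


def cisco_lifetimes(config):
    """Return {'phase1': secs, 'phase2': secs} from an IOS config snippet."""
    found, section = {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("crypto "):
            section = line  # every top-level "crypto ..." line opens a new section
        m = re.fullmatch(r"lifetime (\d+)", line)
        if m and section.startswith("crypto isakmp policy"):
            found["phase1"] = int(m.group(1))  # IKE (ISAKMP) SA lifetime
        m = re.fullmatch(r"set security-association lifetime seconds (\d+)", line)
        if m and section.startswith("crypto map"):
            found["phase2"] = int(m.group(1))  # IPsec SA lifetime
    return found


def compare(cisco, pfsense):
    """List (phase, cisco_secs, pfsense_secs) for each phase whose values differ."""
    return [(p, cisco.get(p), pfsense.get(p))
            for p in ("phase1", "phase2") if cisco.get(p) != pfsense.get(p)]


if __name__ == "__main__":
    for phase, c, p in compare(cisco_lifetimes(CISCO_CONFIG), PFSENSE):
        print(f"{phase}: cisco={c}s pfsense={p}s")
```

On the quoted values both phases are reported as differing: the Cisco side has 3600 s for Phase 1 and 28800 s for Phase 2, and the pfSense side has the reverse.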