I am having some trouble getting a connection with a preshared key working. The remote end is a Cisco box, and the people running the remote system expect me to be using Cisco too. My configuration instructions are therefore Cisco only. I am using freeswan as included in Trustix 2.0, which is a standard 2.00 with X.509 version 1.3.2.
My first problem was that the remote end expected an ISAKMP SA lifetime of 24 hours. Apparently this value is changeable in IOS. The problem resolved itself by changing OAKLEY_ISAKMP_SA_LIFETIME_MAXIMUM to 86400 in programs/pluto/constants.h.
Still, I could not get a working connection. It looks like the remote end wants to give us the IP 10.192.3.23. Freeswan then tries a reverse lookup on that address. That does not work at all, and the connection seems to fail. Is my analysis of this anywhere near correct? Should freeswan try to do a reverse of this when opportunistic is not in use?
The pluto log and my ipsec.conf can be found at:
http://www.newmad.no/~pergj/pluto.log
http://www.newmad.no/~pergj/ipsec.conf
Per Kristian
_______________________________________________
FreeS/WAN Users mailing list
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
