Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

checkpoint fp3 and freeswan-1.99

From: Ivan <ivan () inah gob mx>
Date: Mon, 20 Oct 2003 11:47:25 -0600

hello list
this is my ipsec.conf

conn check-encdomlinx
        type=tunnel
        left=148.223.133.234
        leftnexthop=148.223.133.225
        leftsubnet=192.168.64.0/24
        right=200.95.38.193
        rightnexthop=148.223.182.205
        rightsubnet=192.168.65.0/24
        keyexchange=ike
        auth=esp
        pfs=no

the ipsec.secrets

200.x.x.x 148.x.x.x  "3comcare"


in my checkpoint i had define my vpn community. iam following the how to 
found in the www.freeswan.org but when i did create the rule y dont
found the option encryption in the column action only i have 
accept or drop or reject but not encryption option



the freeswan log


Oct 20 11:36:51 cordoba pluto[26742]: Starting Pluto (FreeS/WAN Version 1.99)
Oct 20 11:36:52 cordoba pluto[26742]: listening for IKE messages
Oct 20 11:36:52 cordoba pluto[26742]: adding interface ipsec0/ppp0
200.95.38.193
Oct 20 11:36:52 cordoba pluto[26742]: adding interface ipsec1/eth1
192.168.65.50
Oct 20 11:36:52 cordoba pluto[26742]: loading secrets from "/etc/ipsec.secrets"
Oct 20 11:36:52 cordoba pluto[26742]: added connection description
"check-encdomlinx"
Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #1: initiating Main
Mode
Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #1: ISAKMP SA
established
Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #2: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK
Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #2: ignoring
informational payload, type IPSEC_RESPONDER_LIFETIME
Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #2: sent QI2, IPsec SA
established


the warning

"check-encdomlinx" #1: cannot respond to IPsec SA request because no connection
is known for 200.95.38.193...148.223.133.234
Oct 20 11:38:07 cordoba pluto[26742]: "check-encdomlinx" #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0x06898e24
(perhaps this is a duplicated packet)


thanks in advance and excusme for my english




----------------------------------------------------------------
Este mensaje fue enviado por el servidor de correo del INAH
vista nuestra pagina http://www.inah.gob.mx
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: