
IPsec policy ?N



Hi,
  I am getting the following error when debugging with isakmpd -d:

092714.204045 Default check_policy: negotiated SA failed policy check
092714.205185 Default message_negotiate_sa: no compatible proposal found
092714.206151 Default dropped message from 192.168.123.123 port 500 due to notification type NO_PROPOSAL_CHOSEN
092714.209647 Default responder_recv_HASH_SA_NONCE: KEY_EXCH payload without a group desc. attribute
092714.211067 Default dropped message from 192.168.123.123 port 500 due to notification type NO_PROPOSAL_CHOSEN

Here is the start of a policy:

Keynote-Version: 2
Comment: This policy accepts ESP SAs from a remote that uses the right password
Authorizer: "POLICY"
Licensees: "passphrase:same_str_as_Authorization_in_conf"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes"; 

Now the error appears to be that when the check in isakmpd.policy is
made, it fails due to the negotiation failing w/ no compatible proposal,
OK, and notifies by NO_PROPOSAL_CHOSEN. But doesn't the isakmpd.policy
set the suggestions/proposals? I have tried quite a few combinations to
see something that works. Any ideas or suggestions? ;-}

TIA


