[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmp issues



How bout some details?  Config files, a little more info, etc.


------
Chavous P. Camp <cpc_(_at_)_scconsultants_(_dot_)_net>
Member
Salter & Camp Consultants, Ltd. Co.
1213 Lady St.
PO Box 11285
Columbia, SC 29211-1285
Tele: +1 803 461 8970  Fax: +1 803 461 8973
Computer & Information Architects
--------------------------------------------

-----Original Message-----
From: owner-misc_(_at_)_openbsd_(_dot_)_org [mailto:owner-misc_(_at_)_openbsd_(_dot_)_org] On Behalf
Of Johnathan Norman
Sent: Thursday, January 16, 2003 12:59 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: isakmp issues


I am having some problems with isakmp. It seems that it is set up right 
but I am not seeing SA's being created. Anyone know what I am doing
wrong?

here is some of the debug from one end...

034447.110142 Misc 95 conf_get_str: configuration value not found 
[General]:check-interval
034447.110228 Timr 10 timer_add_event: event 
connection_checker(0x1b6af0) added last, expiration in 60s
034447.110302 SA   90 sa_find: no SA matched query
034447.110379 Sdep 70 pf_key_v2_connection_check: SA for 
IPsec-firewall-office missing
034447.110476 Misc 95 conf_get_str: [IPsec-firewall-office]:Phase->2
034447.110546 Exch 90 exchange_lookup_by_name: IPsec-firewall-office == 
office && 2 == 1?
034447.110628 Misc 95 conf_get_str: 
[IPsec-firewall-office]:ISAKMP-peer->office
034447.110706 SA   90 sa_find: no SA matched query
034447.110802 Misc 95 conf_get_str: [office]:Phase->1
034447.110870 Misc 95 conf_get_str: [office]:Phase->1
034447.110947 Exch 90 exchange_lookup_by_name: office == office && 1 ==
1?
034447.111025 Exch 40 exchange_establish: office exchange already exists

as 0x114800
034447.111096 Exch 90 exchange_lookup_by_name: office == office && 1 ==
1?


and from the other end.


115607.260331 Timr 10 timer_add_event: event 
connection_checker(0x1a8630) added last, expiration in 60s
115607.260899 SA   90 sa_find: no SA matched query
115607.261321 Sdep 70 pf_key_v2_connection_check: SA for 
IPsec-office-firewall missing
115607.261862 Misc 95 conf_get_str: [IPsec-office-firewall]:Phase->2
115607.262311 Exch 90 exchange_lookup_by_name: IPsec-office-firewall == 
firewall && 2 == 1?
115607.262837 Misc 95 conf_get_str: 
[IPsec-office-firewall]:ISAKMP-peer->firewall
115607.263263 SA   90 sa_find: no SA matched query
115607.263801 Misc 95 conf_get_str: [firewall]:Phase->1
115607.264239 Misc 95 conf_get_str: [firewall]:Phase->1
115607.264782 Exch 90 exchange_lookup_by_name: firewall == firewall && 1

== 1?
115607.265209 Exch 40 exchange_establish: firewall exchange already 
exists as 0x106900
115607.265737 Exch 90 exchange_lookup_by_name: firewall == firewall && 1

== 1?


and tcpdump

03:46:03.242688 3.3.3.3.500 > 2.2.2.2.500:  isakmp v1.0 exchange ID_PROT
         cookie: 9ca385316ea94d7f->44e4738c6a553023 msgid: 00000000 len:

80 [tos 0x60]
03:46:03.243170 2.2.2.2.500 > 3.3.3.3.500:  isakmp v1.0 exchange INFO
         cookie: cc999405136814b9->0000000000000000 msgid: 00000000 len:
56
03:46:14.151358 2.2.2.2.500 > 3.3.3.3.500:  isakmp v1.0 exchange ID_PROT
         cookie: 9ca385316ea94d7f->0000000000000000 msgid: 00000000 len:
80
03:46:14.259723 3.3.3.3.500 > 2.2.2.2.500:  isakmp v1.0 exchange ID_PROT
         cookie: 9ca385316ea94d7f->44e4738c6a553023 msgid: 00000000 len:

80 [tos 0x60]
03:46:14.260170 2.2.2.2.500 > 3.3.3.3.500:  isakmp v1.0 exchange INFO
         cookie: 1559ca96a3db5293->0000000000000000 msgid: 00000000 len:
56

[demime 0.98d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]



Visit your host, monkey.org