IPSEC help
john decot
johndecot at yahoo.com
Thu Nov 22 07:08:35 PST 2007
Hi,
tcpdump shows only isakmp information , there is no information about esp and AH header.
08:05:55.761245 IP 202.70.87.123.isakmp > ws130173.corporate-access.com.isakmp: isakmp: phase 1 ? ident[E]
08:05:55.775403 IP 202.70.87.121 > 202.70.87.123: ICMP redirect ws130173.corporate-access.com to host ws130173.corporate-access.com, length 556
08:05:55.778172 IP 202.70.87.123.isakmp > ws130173.corporate-access.com.isakmp: isakmp: phase 1 ? ident[E]
Regards,
John
VANHULLEBUS Yvan <vanhu_bsd at zeninc.net> wrote: On Tue, Nov 20, 2007 at 08:46:28AM -0800, john decot wrote:
> Hi,
>
> I have change life time in both side i.e 28800 sec but unlucky again.
>
[
> 2007-11-20 20:27:31: ERROR: ignore information because ISAKMP-SA has not been established yet.
Do a tcpdump/wireshark and have a look at what's in that informational
message...
Yvan.
--
NETASQ
http://www.netasq.com
---------------------------------
Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now.
More information about the freebsd-security
mailing list