forum.opennet.ru

Составление сообщения

Исходное сообщение

"(за деньги) vpn ipsec между Cisco ASA и Linux клиентом"
Отправлено philippov, 19-Апр-08 18:19

>что-то типа ipsec-tools, но ситуация ограничивается использованием дистибутива SLAX. И
>там я уже не в силах скомпилировать и установить ipsec-tools. Потому прошу
>помощи.
Установил ipsec-tools. Настроил psk.txt, setkey.conf, racoon.conf
echo 1 > /proc/sys/net/ipv4/ip_forwarding
setkey -f /etc/racoon/setkey.conf
racoon -f /etc/racoon/racoon.conf -F
делаем пинг в сеть главного офиса и смотрим за выводом racoon
2008-04-19 17:48:02: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
2008-04-19 17:48:02: INFO: @(#)This product linked OpenSSL 0.9.8g 19 Oct 2007 (http://www.openssl.org/)
2008-04-19 17:48:02: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2008-04-19 17:48:02: DEBUG: call pfkey_send_register for AH
2008-04-19 17:48:02: DEBUG: call pfkey_send_register for ESP
2008-04-19 17:48:02: DEBUG: call pfkey_send_register for IPCOMP
2008-04-19 17:48:02: INFO: Resize address pool from 0 to 255
2008-04-19 17:48:02: DEBUG: reading config file /etc/racoon/racoon.conf
2008-04-19 17:48:02: INFO: 88.31.254.216[500] used as isakmp port (fd=6)
2008-04-19 17:48:02: INFO: 88.31.254.216[500] used for NAT-T
2008-04-19 17:48:07: INFO: IPsec-SA request for 212.XXX.XXX.XXX queued due to no phase1 found.
2008-04-19 17:48:07: INFO: initiate new phase 1 negotiation: 88.31.254.216[500]<=>212.XXX.XX.XXX[500]
2008-04-19 17:48:07: INFO: begin Identity Protection mode.
2008-04-19 17:48:10: INFO: received broken Microsoft ID: FRAGMENTATION
2008-04-19 17:48:10: INFO: received Vendor ID: CISCO-UNITY
2008-04-19 17:48:10: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2008-04-19 17:48:11: INFO: received Vendor ID: DPD
2008-04-19 17:48:11: ERROR: Expecting IP address type in main mode, but FQDN.
2008-04-19 17:48:11: ERROR: invalid ID payload.
2008-04-19 17:48:20: INFO: received Vendor ID: DPD
2008-04-19 17:48:20: ERROR: Expecting IP address type in main mode, but FQDN.
2008-04-19 17:48:20: ERROR: invalid ID payload.
2008-04-19 17:48:21: ERROR: ignore information because ISAKMP-SAhas not been established yet.
2008-04-19 17:48:23: ERROR: ignore information because ISAKMP-SAhas not been established yet.
2008-04-19 17:48:25: ERROR: ignore information because ISAKMP-SAhas not been established yet.
2008-04-19 17:48:27: ERROR: ignore information because ISAKMP-SAhas not been established yet.
Где копать ? Как понимать два первых сообщения ERROR ?

Исходное сообщение
"(за деньги) vpn ipsec между Cisco ASA и Linux клиентом" Отправлено philippov, 19-Апр-08 18:19
>что-то типа ipsec-tools, но ситуация ограничивается использованием дистибутива SLAX. И >там я уже не в силах скомпилировать и установить ipsec-tools. Потому прошу >помощи. Установил ipsec-tools. Настроил psk.txt, setkey.conf, racoon.conf echo 1 > /proc/sys/net/ipv4/ip_forwarding setkey -f /etc/racoon/setkey.conf racoon -f /etc/racoon/racoon.conf -F делаем пинг в сеть главного офиса и смотрим за выводом racoon 2008-04-19 17:48:02: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net) 2008-04-19 17:48:02: INFO: @(#)This product linked OpenSSL 0.9.8g 19 Oct 2007 (http://www.openssl.org/) 2008-04-19 17:48:02: INFO: Reading configuration from "/etc/racoon/racoon.conf" 2008-04-19 17:48:02: DEBUG: call pfkey_send_register for AH 2008-04-19 17:48:02: DEBUG: call pfkey_send_register for ESP 2008-04-19 17:48:02: DEBUG: call pfkey_send_register for IPCOMP 2008-04-19 17:48:02: INFO: Resize address pool from 0 to 255 2008-04-19 17:48:02: DEBUG: reading config file /etc/racoon/racoon.conf 2008-04-19 17:48:02: INFO: 88.31.254.216[500] used as isakmp port (fd=6) 2008-04-19 17:48:02: INFO: 88.31.254.216[500] used for NAT-T 2008-04-19 17:48:07: INFO: IPsec-SA request for 212.XXX.XXX.XXX queued due to no phase1 found. 2008-04-19 17:48:07: INFO: initiate new phase 1 negotiation: 88.31.254.216[500]<=>212.XXX.XX.XXX[500] 2008-04-19 17:48:07: INFO: begin Identity Protection mode. 2008-04-19 17:48:10: INFO: received broken Microsoft ID: FRAGMENTATION 2008-04-19 17:48:10: INFO: received Vendor ID: CISCO-UNITY 2008-04-19 17:48:10: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt 2008-04-19 17:48:11: INFO: received Vendor ID: DPD 2008-04-19 17:48:11: ERROR: Expecting IP address type in main mode, but FQDN. 2008-04-19 17:48:11: ERROR: invalid ID payload. 2008-04-19 17:48:20: INFO: received Vendor ID: DPD 2008-04-19 17:48:20: ERROR: Expecting IP address type in main mode, but FQDN. 2008-04-19 17:48:20: ERROR: invalid ID payload. 2008-04-19 17:48:21: ERROR: ignore information because ISAKMP-SAhas not been established yet. 2008-04-19 17:48:23: ERROR: ignore information because ISAKMP-SAhas not been established yet. 2008-04-19 17:48:25: ERROR: ignore information because ISAKMP-SAhas not been established yet. 2008-04-19 17:48:27: ERROR: ignore information because ISAKMP-SAhas not been established yet. Где копать ? Как понимать два первых сообщения ERROR ?

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>>что-то типа ipsec-tools, но ситуация ограничивается использованием дистибутива SLAX. И >>там я уже не в силах скомпилировать и установить ipsec-tools. Потому прошу >>помощи. > Установил ipsec-tools. Настроил psk.txt, setkey.conf, racoon.conf > echo 1 > /proc/sys/net/ipv4/ip_forwarding > setkey -f /etc/racoon/setkey.conf > racoon -f /etc/racoon/racoon.conf -F > делаем пинг в сеть главного офиса и смотрим за выводом racoon > 2008-04-19 17:48:02: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net) > 2008-04-19 17:48:02: INFO: @(#)This product linked OpenSSL 0.9.8g 19 Oct 2007 (http://www.openssl.org/) > 2008-04-19 17:48:02: INFO: Reading configuration from "/etc/racoon/racoon.conf" > 2008-04-19 17:48:02: DEBUG: call pfkey_send_register for AH > 2008-04-19 17:48:02: DEBUG: call pfkey_send_register for ESP > 2008-04-19 17:48:02: DEBUG: call pfkey_send_register for IPCOMP > 2008-04-19 17:48:02: INFO: Resize address pool from 0 to 255 > 2008-04-19 17:48:02: DEBUG: reading config file /etc/racoon/racoon.conf > 2008-04-19 17:48:02: INFO: 88.31.254.216[500] used as isakmp port (fd=6) > 2008-04-19 17:48:02: INFO: 88.31.254.216[500] used for NAT-T > 2008-04-19 17:48:07: INFO: IPsec-SA request for 212.XXX.XXX.XXX queued due to no phase1 > found. > 2008-04-19 17:48:07: INFO: initiate new phase 1 negotiation: 88.31.254.216[500]<=>212.XXX.XX.XXX[500] > 2008-04-19 17:48:07: INFO: begin Identity Protection mode. > 2008-04-19 17:48:10: INFO: received broken Microsoft ID: FRAGMENTATION > 2008-04-19 17:48:10: INFO: received Vendor ID: CISCO-UNITY > 2008-04-19 17:48:10: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt > 2008-04-19 17:48:11: INFO: received Vendor ID: DPD > 2008-04-19 17:48:11: ERROR: Expecting IP address type in main mode, but FQDN. > 2008-04-19 17:48:11: ERROR: invalid ID payload. > 2008-04-19 17:48:20: INFO: received Vendor ID: DPD > 2008-04-19 17:48:20: ERROR: Expecting IP address type in main mode, but FQDN. > 2008-04-19 17:48:20: ERROR: invalid ID payload. > 2008-04-19 17:48:21: ERROR: ignore information because ISAKMP-SAhas not been established > yet. > 2008-04-19 17:48:23: ERROR: ignore information because ISAKMP-SAhas not been established > yet. > 2008-04-19 17:48:25: ERROR: ignore information because ISAKMP-SAhas not been established > yet. > 2008-04-19 17:48:27: ERROR: ignore information because ISAKMP-SAhas not been established > yet. > Где копать ? Как понимать два первых сообщения ERROR ?
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру