Maurice Massar wrote:
> in short:
> vpnc progresses without problems until it starts the IPsec SA
> negotiation, at which point the concentrator sends a ISAKMP delete
> notice.
> This means that the concentrator did not look at the SA proposal at
> all, and was expecting vpnc to do "something else" first...
Ok, I've discovered what this is, I think. The concentrator is a Cisco 3000
that's been configured to insist that the client switched on its internal
firewall. I've tested the Linux Cisco client, however the Linux client does
not support the firewall functionality, hence it terminates with an error
like so...
Authenticating user.
Negotiating security policies.
Securing communication channel.
Secure VPN Connection terminated by Peer.
Reason: Firewall Policy Mismatch.
There are no new notification messages at this time.
Would a debug trace still be useful in this instance or should I install the
Windows version & get a log?
--
Ian Cass
> in short:
> vpnc progresses without problems until it starts the IPsec SA
> negotiation, at which point the concentrator sends a ISAKMP delete
> notice.
> This means that the concentrator did not look at the SA proposal at
> all, and was expecting vpnc to do "something else" first...
Ok, I've discovered what this is, I think. The concentrator is a Cisco 3000
that's been configured to insist that the client switched on its internal
firewall. I've tested the Linux Cisco client, however the Linux client does
not support the firewall functionality, hence it terminates with an error
like so...
Authenticating user.
Negotiating security policies.
Securing communication channel.
Secure VPN Connection terminated by Peer.
Reason: Firewall Policy Mismatch.
There are no new notification messages at this time.
Would a debug trace still be useful in this instance or should I install the
Windows version & get a log?
--
Ian Cass