Maybe fw rules at responder's side ???
Michel Wilson wrote:
Hello,
I have a fairly interesting problem with my ipsec tunnel. When I trigger
initialization from one endpoint, the tunnel comes up without any
problems. But, when I trigger it from the other site, it will not come
up!
The initiator has the following information in the logfiles:
Aug 19 14:19:24 [racoon] INFO: IPsec-SA request for 80.57.98.xxx queued due to no phase1 found.
Aug 19 14:19:24 [racoon] INFO: initiate new phase 1 negotiation: 82.210.90.xxx[500]<=>80.57.98.xxx[500]
Aug 19 14:19:24 [racoon] INFO: begin Aggressive mode.
Aug 19 14:19:55 [racoon] ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 80.57.98.112->82.210.90.xxx
The responder has the following information:
Aug 19 14:19:24 [racoon] INFO: respond new phase 1 negotiation: 80.57.98.xxx[500]<=>82.210.90.xxx[500]
Aug 19 14:19:24 [racoon] INFO: begin Aggressive mode.
Aug 19 14:19:44 [racoon] NOTIFY: the packet is retransmitted by 82.210.90.xxx[500].
Aug 19 14:20:04 [racoon] NOTIFY: the packet is retransmitted by 82.210.90.xxx[500].
Aug 19 14:20:24 [racoon] NOTIFY: the packet is retransmitted by 82.210.90.xxx[500].
What could be the cause of this problem? Thanks in advance for any
suggestions.