Problem while establishing ISAKMP in ipsec


 
Old 04-29-2008

Hi,
I am facing a problem while setting up ISAKMP between two hosts.
I can see only the Initiator messages but no responder messages in tcpdump. Does anyone know the cause of this behaviour?

FYI, here is the extracted information from tcpdump:
14:47:08.699113 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:08.699120 IP 10.118.231.130 > 10.118.231.143: icmp 164: 10.118.231.130 udp port isakmp unreachable
14:47:28.610347 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:28.610353 IP 10.118.231.130 > 10.118.231.143: icmp 164: 10.118.231.130 udp port isakmp unreachable
14:47:53.540184 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:53.583540 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:53.626519 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident[E]
14:47:53.661367 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 2/others I oakley-quick[E]
14:47:53.705619 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 2/others I oakley-quick[E]

Regards
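
Added example, not part of the original post: a shell/awk summary of the capture above that counts initiator datagrams, responder datagrams and ICMP port-unreachable errors. An ICMP "udp port isakmp unreachable" from the responder normally means nothing is bound to UDP 500 there, or a firewall rule is rejecting the packet. The names `sample_capture` and `isakmp_summary` and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Capture lines quoted from the post above.
sample_capture() {
cat <<'EOF'
14:47:08.699113 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:08.699120 IP 10.118.231.130 > 10.118.231.143: icmp 164: 10.118.231.130 udp port isakmp unreachable
14:47:28.610347 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:28.610353 IP 10.118.231.130 > 10.118.231.143: icmp 164: 10.118.231.130 udp port isakmp unreachable
14:47:53.540184 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:53.583540 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident
14:47:53.626519 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 1 I ident[E]
14:47:53.661367 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 2/others I oakley-quick[E]
14:47:53.705619 IP 10.118.231.143.isakmp > 10.118.231.130.isakmp: isakmp: phase 2/others I oakley-quick[E]
EOF
}

# isakmp_summary INITIATOR_IP RESPONDER_IP < tcpdump-text
# Prints "<initiator pkts> <responder pkts> <icmp unreachable> <verdict>".
isakmp_summary() {
    awk -v ini="$1" -v rsp="$2" '
        $2 != "IP" { next }
        # ISAKMP datagrams in each direction (UDP 500 on both ends)
        $3 == (ini ".isakmp") && $5 == (rsp ".isakmp:") { i++ }
        $3 == (rsp ".isakmp") && $5 == (ini ".isakmp:") { r++ }
        # ICMP error from the responder host: the kernel found no UDP 500
        # listener, or a firewall REJECT rule answered on its behalf.
        $3 == rsp && $5 == (ini ":") && /udp port isakmp unreachable/ { u++ }
        END {
            if (r > 0)      v = "responder-answered"
            else if (u > 0) v = "port-unreachable"
            else if (i > 0) v = "silently-dropped"
            else            v = "no-isakmp-seen"
            printf "%d %d %d %s\n", i, r, u, v
        }'
}

sample_capture | isakmp_summary 10.118.231.143 10.118.231.130
```

A `port-unreachable` verdict points at the responder host itself: check there that the IKE daemon is running and bound to UDP 500 before looking at proposals or keys.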
RACOONCTL(8)              BSD System Manager's Manual              RACOONCTL(8)

NAME
     racoonctl -- racoon administrative control tool

SYNOPSIS
     racoonctl [opts] reload-config
     racoonctl [opts] show-schedule
     racoonctl [opts] show-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] get-sa-cert [inet|inet6] src dst
     racoonctl [opts] flush-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] delete-sa saopts
     racoonctl [opts] establish-sa [-w] [-n remoteconf] [-u identity] saopts
     racoonctl [opts] vpn-connect [-u identity] vpn_gateway
     racoonctl [opts] vpn-disconnect vpn_gateway
     racoonctl [opts] show-event
     racoonctl [opts] logout-user login

DESCRIPTION
     racoonctl is used to control racoon(8) operation, if ipsec-tools was
     configured with adminport support. Communication between racoonctl and
     racoon(8) is done through a UNIX socket. By changing the default mode
     and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following general options are available:

     -d      Debug mode. Hexdump sent admin port commands.

     -l      Increase verbosity. Mainly for show-sa command.

     -s socket
             Specify unix socket name used to connecting racoon.

     The following commands are available:

     reload-config
             This should cause racoon(8) to reload its configuration file.

     show-schedule
             Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
             Dump the SA: All the SAs if no SA class is provided, or either
             ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. Use
             -l to increase verbosity.

     get-sa-cert [inet|inet6] src dst
             Output the raw certificate that was used to authenticate the
             phase 1 matching src and dst.

     flush-sa [isakmp|esp|ah|ipsec]
             is used to flush all SAs if no SA class is provided, or a class
             of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all
             IPsec SAs.

     establish-sa [-w] [-n remoteconf] [-u username] saopts
             Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH
             SA. The optional -u username can be used when establishing an
             ISAKMP SA while hybrid auth is in use. The exact remote block
             to use can be specified with -n remoteconf. racoonctl will
             prompt you for the password associated with username and these
             credentials will be used in the Xauth exchange. Specifying -w
             will make racoonctl wait until the SA is actually established
             or an error occurs.

             saopts has the following format:

             isakmp {inet|inet6} src dst

             {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
                     {icmp|tcp|udp|gre|any}

     vpn-connect [-u username] vpn_gateway
             This is a particular case of the previous command. It will
             establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
             Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
             This is a particular case of the previous command. It will kill
             all SAs associated with vpn_gateway.

     show-event
             Listen for all events reported by racoon(8).

     logout-user login
             Delete all SA established on behalf of the Xauth user login.

     Command shortcuts are available:

     rc      reload-config
     ss      show-sa
     sc      show-schedule
     fs      flush-sa
     ds      delete-sa
     es      establish-sa
     vc      vpn-connect
     vd      vpn-disconnect
     se      show-event
     lu      logout-user

RETURN VALUES
     The command should exit with 0 on success, and non-zero on errors.

FILES
     /var/racoon/racoon.sock or /var/run/racoon.sock
             racoon(8) control socket.

SEE ALSO
     ipsec(4), racoon(8)

HISTORY
     Once was kmpstat in the KAME project. It turned into racoonctl but
     remained undocumented for a while. Emmanuel Dreyfus <manu@NetBSD.org>
     wrote this man page.

BSD                             March 12, 2009                             BSD
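
The DESCRIPTION warns that loosening the control socket's mode or ownership lets non-root users alter racoon(8) behavior. The following is an added example (not part of the man page or of ipsec-tools) that checks both socket paths listed under FILES; the function names `perms_ok` and `audit_socket` are this example's own.

```shell
#!/bin/sh
# Added example, not ipsec-tools code: check who may reach the racoon(8)
# admin socket. On Linux, connect() needs write permission on the socket.

# perms_ok OCTAL_MODE OWNER_UID
# returns 0 = only root may write, 1 = too permissive, 2 = bad mode string
perms_ok() {
    case $1 in ''|*[!0-7]*) return 2 ;; esac
    [ "$2" = 0 ] || return 1
    # 022 = write bit for group and for other
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# audit_socket PATH -> prints absent | unreadable | ok | loose
audit_socket() {
    [ -S "$1" ] || { echo absent; return 0; }
    # GNU stat syntax first, BSD stat syntax as fallback
    st=$(stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1" 2>/dev/null) \
        || { echo unreadable; return 0; }
    if perms_ok "${st% *}" "${st#* }"; then echo ok; else echo loose; fi
}

# Both locations listed under FILES in the man page
for s in /var/racoon/racoon.sock /var/run/racoon.sock; do
    echo "$s: $(audit_socket "$s")"
done
```

A `loose` result means a non-root account can issue commands such as flush-sa or reload-config through the socket, so the mode and ownership should be reviewed.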