On Jan 4, 2006, at 9:32 AM, Hekan Olsson wrote:
On 4 jan 2006, at 05.57, Jason Dixon wrote:
After some gentle persuading by Adrian Close, I dropped ipsecadm
and went back to automatic key exchange with isakmpd. A quick
configuration based on the east/west and all is good. Same PF
configuration, no changes there except for the addition of ISAKMP
traffic. Don't know what the problem was, although I'm sure it
was user related.
Your manual setup only included one SA (SPI 0x100a), and you always
need atleast two, as an SA is unidirectional.
I tried that too before moving over to ISAKMP. It was still behaving
the same, but it was probably user error.
Thanks,
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
