GOT IT :) Love it when it all falls in place :) Damiens advice of -D99 worked a treat - we saw that the quick and main auths were not playing nice so I had to add the 'quick auth hmac-md5 enc 3des' bits as well - DOH!
I must say tho that /etc/ipsec.conf is MUCH easier than the old way so nice work guys :) Last reason to hang on to the Cisco router just dissapeared :) Thanks all Kolchak On 4/5/06, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote: > On Wed, Apr 05, 2006 at 05:13:36PM +1000, Karl Kopp wrote: > > > > Firstly, I thought I could just use /etc/ipsec.conf (right?) and a > > line like this: > > > > ike esp from 10.1.1.0/24 to 202.1.1.0/24 peer 202.1.1.30 main auth > > hmac-md5 enc 3des psk shhhSecret > > this looks correct. > > Additionally to the debug hints damien already gave, please provide > me the pcap fiel generated with "-L" of such an exchange. > > HJ.
