3des, sha1, PFS disabled.

On 9/3/07, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> Hi,
>
> which transforms are configured on the ISA server for phase 2?
>
> On Mon, Sep 03, 2007 at 02:21:24PM +0100, José Costa wrote:
> > How can I solve this? Any docs about it? Debugging?
> >
> > On 9/3/07, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > On Mon, Sep 03, 2007 at 12:59:48PM +0100, José Costa wrote:
> > > >
> > > > Sep  3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83
> > > > port 500 due to notification type NO_PROPOSAL_CHOSEN
> > > > Sep  3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE:
> > > > KEY_EXCH payload without a group desc. attribute
> > > > Sep  3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83
> > > > port 500 due to notification type NO_PROPOSAL_CHOSEN
> > > > Sep  3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE:
> > > > KEY_EXCH payload without a group desc. attribute
> > >
> > > isakmpd does not like the transforms for phase 2 proposed by the other
> > > peer.  It seems that phase 2 has no group description.
> > >
> > > >
> > > > --- /etc/ipsec.conf ---
> > > >
> > > > ike dynamic esp from 10.0.0.0/24 to 10.0.1.0/24 peer 172.26.10.83 \
> > > >         main auth hmac-sha1 enc 3des group modp1024 \
> > > >         quick auth hmac-sha1 enc 3des \
> > > >         psk teste tag teste
> > > >
> > > > The ISA Server is configured correctly for the Phase-1 and Phase-2
> > > > encryptions and auths.
> > > >
> > > > Any help here?
> > > >
> > > >
> > > > On 8/31/07, Jeff Quast <[EMAIL PROTECTED]> wrote:
> > > > > > I tried to learn with HOWTO's, I didn't have the internet at home at
> > > > > the time. I printed out maybe 50 pages of various HOWTO's.
> > > > >
> > > > > When I got home, I found none of them were up to date with the current
> > > > > (easy) capabilities of OpenBSD using ipsec.conf and ipsecctl... I
> > > > > ended up learning how to do ipsec with just the manuals.
> > > > >
> > > > > You'd be amazed how easy it went.
> > > > >
> > > > > > On 8/31/07, José Costa <[EMAIL PROTECTED]> wrote:
> > > > > > Hello,
> > > > > >
> > > > > > > Does anyone know a really good IPSec howto besides the man pages?
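
A small triage script for the isakmpd messages quoted in this thread, added here as an example (it is not code from any poster or from OpenBSD). It rejoins the mail-wrapped syslog lines, counts drops per peer and notification, and flags the pattern diagnosed above: a quick-mode (phase 2) failure that mentions the group description. The function names and the mismatch heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Log lines copied from the thread, with the mail client's line wrapping kept.
SAMPLE = """\
Sep  3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83
port 500 due to notification type NO_PROPOSAL_CHOSEN
Sep  3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE:
KEY_EXCH payload without a group desc. attribute
Sep  3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83
port 500 due to notification type NO_PROPOSAL_CHOSEN
Sep  3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE:
KEY_EXCH payload without a group desc. attribute
"""

# syslog prefix: "Mon DD HH:MM:SS host isakmpd[pid]: "
HEAD = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ isakmpd\[\d+\]: ")
DROP = re.compile(r"dropped message from (\S+) port \d+ due to notification type (\w+)")
FUNC = re.compile(r"^(\w+): (.+)$")

def unwrap(text):
    """Rejoin records split by e-mail wrapping; return the message bodies."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEAD.match(line)
        if m:
            records.append(line[m.end():])   # new record, prefix stripped
        elif records:
            records[-1] += " " + line        # continuation of the previous one
    return records

def triage(text):
    """Count drops per (peer, notification) and reasons per (function, message)."""
    drops, reasons = Counter(), Counter()
    for rec in unwrap(text):
        d = DROP.search(rec)
        if d:
            drops[(d.group(1), d.group(2))] += 1
            continue
        f = FUNC.match(rec)
        if f:
            reasons[(f.group(1), f.group(2))] += 1
    # Heuristic (assumption): HASH_SA_NONCE is the first quick-mode message, so a
    # "group desc" complaint there plus NO_PROPOSAL_CHOSEN points at phase 2 PFS.
    mismatch = any(n == "NO_PROPOSAL_CHOSEN" for _, n in drops) and any(
        fn.endswith("HASH_SA_NONCE") and "group desc" in msg for fn, msg in reasons)
    return {"drops": dict(drops), "reasons": dict(reasons),
            "phase2_group_mismatch": mismatch}
```
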