Racoon + PIX 515 .... unsuccessful story!
Wilfried BARNAVON RPi
w.barnavon at cpro.fr
Thu Apr 15 08:44:47 PDT 2004
Hi!
I found your mail on this website:
http://klub.chip.pl/nolewajk/work/freebsd/FreeBSD-howto.htm
... where you said you were "positive", so ...
I intend to connect from a Cisco PIX 515 to a Linux box. My Linux box is
built on a 2.6.5 kernel and I use ipsec-tools version 0.3. It is very
similar to a BSD config!
Well here is the racoon debug:
INFO: initiate new phase 2 negotiation: 81.255.81.44[0]<=>81.255.86.117[0]
2004-04-15 05:28:58: ERROR: unknown notify message, no phase2 handle found.
In fact I suspect the PIX 515 does not understand IPCOMP.
However, I don't know how to deactivate the compression in the SA through
Racoon. I can't put any argument other than "DEFLATE / LZS / OUI".
I give you my racoon configuration:
[root@localhost ipsec-tools-0.3]# cat /etc/racoon.conf
path pre_shared_key "/etc/psk.txt";

remote I.J.K.L {
        exchange_mode main,base;
        doi ipsec_doi;
        situation identity_only;
        my_identifier address "A.B.C.D";
        send_cert off;
        send_cr off;
        verify_cert off;
        support_proxy on;
        initial_contact on;
        proposal_check obey;
        lifetime time 24 hour;
        proposal {
                hash_algorithm md5;
                encryption_algorithm 3des;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

# Net to Net
sainfo address 192.168.1.0/24 any address 192.168.2.0/24 any {
        authentication_algorithm hmac_md5;
        encryption_algorithm 3des;
        compression_algorithm deflate;
        pfs_group 2;
}
Really I need a little help from you :)
Regards
Wilfried BARNAVON – Network Engineer
Solutions Linux - R.H.C.E. (808003698808020)
w.barnavon at cpro.fr
Tel : 04 75 78 45 45
Fax : 04 75 56 05 07