[prev in list] [next in list] [prev in thread] [next in thread]
List: openikev2-users
Subject: Re: [openikev2-users] Fw: transport mode with openikev2
From: Alejandro Perez Mendez <alejandro_perez () dif ! um ! es>
Date: 2007-11-09 10:53:48
Message-ID: 1194605628.12240.53.camel () diffie
[Download RAW message or body]
Hi Xiaowei,
When an IP address is requested, openikev2 responder creates dynamically
the policies to protect the folowing traffic:
assigned address <----> configured protected subnet
After that, it tries to match TSi and TSr with these values.
Your initiator implementation is requesting for an IP address, but the
TSi values don't match with the assigned address, so the proposal is
invalid.
The best way to construct the TSi value when an IP address is going to
be assigned is to set them to 0.0.0.0-255.255.255.255 value, in order to
match with any address assigned by the server side. (see RFC 4306,
internal address section for an example)
Best regards,
Alejandro
> ----- Forwarded Message ----
> From: xiaowei wang <xiaoweius@yahoo.com>
> To: mailman-owner@dif.um.es
> Sent: Thursday, November 8, 2007 3:28:55 PM
> Subject: transport mode with openikev2
>
>
> Hi,
>
> I am trying to use transport mode with openikev2, however the login was
> failed because of the UNACCEPTABLE TS PAYLOAD. I checked the TS
> PAYLOAD, it looks good.
> Can you please let me know why openikev2 gateway rejected it?
> The configuration file and log are attached as below.
>
> Thanks in advance!
> Xiaowei
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________ openikev2-users mailing list \
> openikev2-users@dif.um.es \
> https://correo.dif.um.es/cgi-bin/mailman/listinfo/openikev2-users
_______________________________________________
openikev2-users mailing list
openikev2-users@dif.um.es
https://correo.dif.um.es/cgi-bin/mailman/listinfo/openikev2-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic