[hipl-users] Re: Hi3: Successful BaseExch, but no connection setup

  • From: Miika Komu <miika@xxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Mon, 4 Feb 2008 10:57:35 +0200 (EET)

On Mon, 4 Feb 2008, Jeab wrote:

Hi,

IPsec security associations seem correct to me.


Hello Miika,

Thanks for your comment! Below is the output of "ip xfrm state" and "ip xfrm policy" 
from both machines. I cannot see what is wrong in the output below. Could you kindly suggest what to check?

*********************************************************************************************
@INITIATOR
# hipconf nat on
# test/hipsetup -i RESP
*********************************************************************************************
[root@INIT~]# ip xfrm state
src 192.168.0.8 dst 192.168.0.9
       proto esp spi 0x0294784d reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0xdc2e6b0cbf332cab0b40818b1745e8047e158121
       enc cbc(aes) 0xb8968856ed7a8690f612c84eb82a7e22
       encap type espinudp-nonike sport 50500 dport 50500 addr 192.168.0.8
       sel src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
src 192.168.0.9 dst 192.168.0.8
       proto esp spi 0x1efc0b20 reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0x98e18aa028b67737df59eb9ce3184cb4c7664f89
       enc cbc(aes) 0x691310beaf1611245fa586107c058c9e
       encap type espinudp-nonike sport 50500 dport 50500 addr 192.168.0.9
       sel src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:3594:51e7:148a:1951:5b66:4a02/128
src c0a8:9:: dst c0a8:8::
       proto (null) reqid 0 mode transport
       replay-window 0
       sel src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 proto tcp sport 0 dport 1111
[root@INIT~]# ip xfrm policy
src 2001:10::/28 dst 2001:10::/28
       dir in priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:a51a:48d2:b6d1:749c:f2f7:fff/128
       dir in priority 0 ptype main
       tmpl src c0a8:8:: dst c0a8:9::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
       dir in priority 0 ptype main
       tmpl src c0a8:8:: dst c0a8:9::
               proto (null) reqid 0 mode transport
src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir in priority 0 ptype main
       tmpl src c0a8:8:: dst c0a8:9::
               proto esp reqid 0 mode beet
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:3594:51e7:148a:1951:5b66:4a02/128
       dir in priority 0 ptype main
       tmpl src c0a8:9:: dst c0a8:8::
               proto esp reqid 0 mode beet
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:17:ee36:838b:cead:79b3:8959:9b47/128
       dir in priority 0 ptype main
       tmpl src c0a8:8:: dst c0a8:9::
               proto (null) reqid 0 mode transport
src 2001:10::/28 dst 2001:10::/28
       dir out priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:14:a51a:48d2:b6d1:749c:f2f7:fff/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src c0a8:9:: dst c0a8:8::
               proto (null) reqid 0 mode transport
src 2001:1a:dfb0:996:bea:8445:1597:17c4/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src c0a8:9:: dst c0a8:8::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:3594:51e7:148a:1951:5b66:4a02/128
       dir out priority 0 ptype main
       tmpl src c0a8:9:: dst c0a8:8::
               proto esp reqid 0 mode beet
src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src c0a8:8:: dst c0a8:9::
               proto esp reqid 0 mode beet
src 2001:17:ee36:838b:cead:79b3:8959:9b47/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src c0a8:9:: dst c0a8:8::
               proto (null) reqid 0 mode transport

*********************************************************************************************
# hipconf nat off
# ping6 -I 2001:1a:dfb0:996:bea:8445:1597:17c4 2001:0015:fc77:357c:ecb7:2de3:7233:66c5
*********************************************************************************************
[root@INIT~]# ip xfrm state
src 192.168.0.8 dst 0.0.0.2
       proto esp spi 0x00000000 reqid 0 mode beet
       replay-window 0
       sel src 252.119.53.124/32 dst 32.1.0.21/32 proto ipv6-icmp type 128 code 0
src 192.168.0.8 dst 0.0.0.2
       proto esp spi 0x00000000 reqid 0 mode beet
       replay-window 0
       sel src 252.119.53.124/32 dst 32.1.0.21/32 proto ipv6-icmp type 128 code 0
src 0.0.0.2 dst 192.168.0.8
       proto esp spi 0xa931bb0e reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0xcff3e7ac7d963f7a79db42aef225e53de4f05e2a
       enc cbc(aes) 0xcae93168e3c63c6f8154d595d30ccfa4
       sel src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
src 0.0.0.2 dst 192.168.0.8
       proto esp spi 0x09f1bd7c reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0x740af42454409518b6885f51e09705d2177f4805
       enc cbc(aes) 0x24703a9438f69e3ac9eea519181f357c
       sel src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
[root@INIT~]# ip xfrm policy
src 2001:10::/28 dst 2001:10::/28
       dir in priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:a51a:48d2:b6d1:749c:f2f7:fff/128
       dir in priority 0 ptype main
       tmpl src 7f00:1:: dst 7f00:1::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
       dir in priority 0 ptype main
       tmpl src 0:2:: dst c0a8:8::
               proto esp reqid 0 mode beet
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:3594:51e7:148a:1951:5b66:4a02/128
       dir in priority 0 ptype main
       tmpl src 7f00:1:: dst 7f00:1::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:17:ee36:838b:cead:79b3:8959:9b47/128
       dir in priority 0 ptype main
       tmpl src 7f00:1:: dst 7f00:1::
               proto (null) reqid 0 mode transport
src 2001:10::/28 dst 2001:10::/28
       dir out priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:14:a51a:48d2:b6d1:749c:f2f7:fff/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src 7f00:1:: dst 7f00:1::
               proto (null) reqid 0 mode transport
src 2001:1a:dfb0:996:bea:8445:1597:17c4/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src c0a8:8:: dst 0:2::
               proto esp reqid 0 mode beet
src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src 7f00:1:: dst 7f00:1::
               proto (null) reqid 0 mode transport
src 2001:17:ee36:838b:cead:79b3:8959:9b47/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src 7f00:1:: dst 7f00:1::
               proto (null) reqid 0 mode transport

***********************************************************************************************
@RESPONDER
# hipconf nat on
# test/hipsetup -r
***********************************************************************************************
[root@RESP~]# ip xfrm state
src 192.168.0.9 dst 192.168.0.8
       proto esp spi 0x1efc0b20 reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0x98e18aa028b67737df59eb9ce3184cb4c7664f89
       enc cbc(aes) 0x691310beaf1611245fa586107c058c9e
       encap type espinudp-nonike sport 50500 dport 50500 addr 192.168.0.9
       sel src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:3594:51e7:148a:1951:5b66:4a02/128
src 192.168.0.8 dst 192.168.0.9
       proto esp spi 0x0294784d reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0xdc2e6b0cbf332cab0b40818b1745e8047e158121
       enc cbc(aes) 0xb8968856ed7a8690f612c84eb82a7e22
       encap type espinudp-nonike sport 50500 dport 50500 addr 192.168.0.8
       sel src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
[root@RESP~]# ip xfrm policy
src 2001:10::/28 dst 2001:10::/28
       dir in priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:3594:51e7:148a:1951:5b66:4a02/128
       dir in priority 0 ptype main
       tmpl src c0a8:9:: dst c0a8:8::
               proto esp reqid 0 mode beet
src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir in priority 0 ptype main
       tmpl src c0a8:8:: dst c0a8:9::
               proto esp reqid 0 mode beet
src 2001:10::/28 dst 2001:10::/28
       dir out priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:14:3594:51e7:148a:1951:5b66:4a02/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir out priority 0 ptype main
       tmpl src c0a8:8:: dst c0a8:9::
               proto esp reqid 0 mode beet
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:14:3594:51e7:148a:1951:5b66:4a02/128
       dir out priority 0 ptype main
       tmpl src c0a8:9:: dst c0a8:8::
               proto esp reqid 0 mode beet

***********************************************************************************************
# hipconf nat off
***********************************************************************************************
[root@RESP~]# ip xfrm state
src 192.168.0.9 dst 0.0.0.1
       proto esp spi 0xa931bb0e reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0xcff3e7ac7d963f7a79db42aef225e53de4f05e2a
       enc cbc(aes) 0xcae93168e3c63c6f8154d595d30ccfa4
       sel src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
src 0.0.0.1 dst 192.168.0.9
       proto esp spi 0x2a3bd6e8 reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0x411f9f9f38858e612d6a7d81b6eaf891ecfdf411
       enc cbc(aes) 0x48a78cb92004aac59ae19d3df26edcde
       sel src 2001:1a:dfb0:996:bea:8445:1597:17c4/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
src 192.168.0.9 dst 0.0.0.1
       proto esp spi 0x09f1bd7c reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0x740af42454409518b6885f51e09705d2177f4805
       enc cbc(aes) 0x24703a9438f69e3ac9eea519181f357c
       sel src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
src 192.168.0.9 dst 0.0.0.1
       proto esp spi 0x05f78af7 reqid 0 mode beet
       replay-window 0
       auth hmac(sha1) 0xbc56b674f24b97df62688e4a9cf6457b3f553705
       enc cbc(aes) 0x5fe8a47bfe7b3f4485c858d6315dddaf
       sel src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
[root@RESP~]# ip xfrm policy
src 2001:10::/28 dst 2001:10::/28
       dir in priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:1a:dfb0:996:bea:8445:1597:17c4/128 dst 
2001:15:fc77:357c:ecb7:2de3:7233:66c5/128
       dir in priority 0 ptype main
       tmpl src 0:1:: dst c0a8:9::
               proto esp reqid 0 mode beet
src 2001:10::/28 dst 2001:10::/28
       dir out priority 0 ptype main
       tmpl src :: dst ::
               proto (null) reqid 0 mode transport
src 2001:15:fc77:357c:ecb7:2de3:7233:66c5/128 dst 
2001:1a:dfb0:996:bea:8445:1597:17c4/128
       dir out priority 0 ptype main
       tmpl src c0a8:9:: dst 0:1::
               proto esp reqid 0 mode beet

Best Regards,
Jeab





--
Miika Komu                                       http://www.iki.fi/miika/
