ipsec config problem :URGENT HELP NEEDED

From: Sayali Karanjkar (Sayali.Karanjkar@Sun.COM)
Date: 08/20/01


Message-Id: <200108200254.KAA29402@rufus.Singapore.Sun.COM>
Date: Mon, 20 Aug 2001 10:54:45 +0800 (SGT)
From: Sayali Karanjkar <Sayali.Karanjkar@Sun.COM>
Subject: ipsec config problem :URGENT HELP NEEDED 
To: focus-sun@securityfocus.com

Hi all,

I need some help with this ipsec tunnel configuration that I am trying to
implement. This is really urgent and I hope you all will help me out with this.

I have configured ipsec by using the command 'ipsec' at the command prompt and
then doing the configuration at the ipsec command prompt: ipsec>
So how do I know where the ipseckey file is, and how do I check it?

Also, the configuration needs a tunnel src address and a tunnel dest address. Which
addresses are these? I have two systems, which are SPARC machines running the
Solaris 8 core administration package, and they are connected via a private
network. One machine is 10.1.1.1 and the other is 10.1.1.2. So these are the two
system addresses, right? And then which are the tunnel addresses?

I have given the command

on system 1

ipsec> add esp spi 0x2112 src 10.1.1.1 dst 10.1.1.2\
authalg md5 authkey 123456aa123456bb123456cc123456dd \
encralg 3des encrkey 789000ee789000ff

on system 2

ipsec> add esp spi 0x2113 src 10.1.1.2 dst 10.1.1.1\
authalg md5 authkey 654321aa654321bb654321cc654321dd \
encralg 3des encrkey 000789ee000789ff

After this, the command on system 1 gave no error, but the one on system gives
an error saying that one of the values entered is incorrect. return message in
doaddup.invalid argument.
What causes this problem?

After that I tried to configure the secure tunnel by giving the following commands.

on system 1

# ifconfig ip.tun0 plumb
# ifconfig ip.tun0 10.1.1.11 10.1.1.22 \
tsrc 10.1.1.1 tdst 10.1.1.2 encr_algs 3des encr_auth_algs md5
# ifconfig ip.tun0 up

on system 2

# ifconfig ip.tun0 plumb
# ifconfig ip.tun0 10.1.1.22 10.1.1.11 \
tsrc 10.1.1.2 tdst 10.1.1.1 encr_algs 3des encr_auth_algs md5
# ifconfig ip.tun0 up

This also gives an error on system 2 and no error on system 1.
What might be the problem?

I am very new to this field and have to finish this by tomorrow morning, and am
really stuck with these errors. I will be most thankful if you help me out with
this at the earliest.

Thanks in advance.
Regards,
Sayali Karanjkar
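
An added example, not part of the original post: a Python check that compares the hex key lengths in the two `add esp` commands above with the key sizes the ESP algorithm RFCs specify. The keyword/value grammar, the treatment of backslash-newline as whitespace, and the function names are assumptions of this example, not ipseckey's own parser.

```python
import re

# Key sizes in bits from the algorithm RFCs:
# RFC 2403 (HMAC-MD5), RFC 2404 (HMAC-SHA-1), RFC 2405 (DES-CBC), RFC 2451 (3DES-CBC).
KEY_BITS = {"md5": 128, "sha1": 160, "des": 64, "3des": 192}

# The two commands exactly as typed in the post, continuation backslashes included.
SAMPLE = r"""
add esp spi 0x2112 src 10.1.1.1 dst 10.1.1.2\
authalg md5 authkey 123456aa123456bb123456cc123456dd \
encralg 3des encrkey 789000ee789000ff
add esp spi 0x2113 src 10.1.1.2 dst 10.1.1.1\
authalg md5 authkey 654321aa654321bb654321cc654321dd \
encralg 3des encrkey 000789ee000789ff
"""

def parse_add(command):
    """Split one 'add esp' command into a keyword -> value dict."""
    tokens = command.split()
    if tokens[:2] != ["add", "esp"]:
        raise ValueError("not an 'add esp' command: %r" % command)
    pairs = tokens[2:]
    if len(pairs) % 2:
        raise ValueError("keyword without a value in: %r" % command)
    return dict(zip(pairs[0::2], pairs[1::2]))

def check_sa(sa):
    """Return a list of key-length findings for one parsed security association."""
    findings = []
    for alg_kw, key_kw in (("authalg", "authkey"), ("encralg", "encrkey")):
        alg, key = sa.get(alg_kw), sa.get(key_kw)
        if alg is None:
            continue  # this SA does not use that transform
        want = KEY_BITS.get(alg)
        if key is None or not re.fullmatch(r"[0-9a-fA-F]+", key):
            findings.append("%s: missing or not hex" % key_kw)
        elif want is None:
            findings.append("%s: %s is not in this example's table" % (alg_kw, alg))
        elif len(key) * 4 != want:
            findings.append("%s: %d bits, %s specifies %d"
                            % (key_kw, len(key) * 4, alg, want))
    return findings

def check_text(text):
    """Check every command in text; returns {spi: [findings]}."""
    joined = text.replace("\\\n", " ")  # assumption: continuation acts as whitespace
    commands = [line.strip() for line in joined.splitlines() if line.strip()]
    return {sa.get("spi"): check_sa(sa) for sa in map(parse_add, commands)}

if __name__ == "__main__":
    for spi, findings in check_text(SAMPLE).items():
        print(spi, findings or "key lengths match")
```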


