RE: ipsec config problem :URGENT HELP NEEDED

From: Steven Chansky (Steven.Chansky@tasc.dot.gov)
Date: 08/20/01


From: "Steven Chansky" <Steven.Chansky@tasc.dot.gov>
To: Sayali Karanjkar <Sayali.Karanjkar@Sun.COM>, focus-sun@securityfocus.com
Subject: RE: ipsec config problem :URGENT HELP NEEDED
Date: Mon, 20 Aug 2001 20:05:00 GMT
Message-Id: <GIDURU03.08D@mdspxy02.dot.gov>

Your problem is hardware related, believe it or not. A good article to read is at http://www.enteract.com/~lspitz/interfaces.html. On page 2, the article explains that by default Sun's interfaces derive the MAC address from the NVRAM, and not from the interface itself. Since you are using two NIC cards on the same subnet, this is where the problem is.

Go to your Sun box and to the /usr/sbin directory. Type in ./eeprom. Look for a line that reads local-mac-address?=false. This must be changed to local-mac-address?=true. When this is set to true (the non-default setting), the MAC addresses will not be taken from NVRAM but from each NIC card. This will fix your problem. In addition, you should read the article; it is very good.

Steve

-----Original Message-----
From: Sayali Karanjkar [mailto:Sayali.Karanjkar@Sun.COM]
Sent: Sunday, August 19, 2001 10:54 PM
To: focus-sun@securityfocus.com
Subject: ipsec config problem :URGENT HELP NEEDED

Hi all,

I need some help for this ipsec tunnel configuration that i am trying to
implement. this is really urgent and i hope you all will help me out with this.

I have configured ipsec by using the command 'ipsec' at the command prompt and
then the configuration being done at the ipsec command prompt :ipsec>
so how do i know where the ipseckey file is and how do i check it?

also the configuration needs a tunnel src address and tunnel dest address. which
addresses are these? i have two systems which are sparc machines running the
solaris 8 core administration package and they are connected via a private
network. one machine is 10.1.1.1 and the other is 10.1.1.2. so these are the two
system addresses right and then which are the tunnel addresses?

i have given the command

on system 1

ipsec> add esp spi 0x2112 src 10.1.1.1 dst 10.1.1.2\
authalg md5 authkey 123456aa123456bb123456cc123456dd \
encralg 3des encrkey 789000ee789000ff

on system 2

ipsec> add esp spi 0x2113 src 10.1.1.2 dst 10.1.1.1\
authalg md5 authkey 654321aa654321bb654321cc654321dd \
encralg 3des encrkey 000789ee000789ff

and after this the command on system 1 gave no error but the one on system gives
error saying that one of the values entered is incorrect. return message in
doaddup.invalid argument.
what causes this problem?

after that i tried to configure the secure tunnel..by giving the foll. commands.

on system 1

#ifconfig ip.tun0 plumb
#ifconfig ip.tun0 10.1.1.11 10.1.1.22 \
tsrc 10.1.1.1 tdst 10.1.1.2 encr_algs 3des encr_auth_algs md5
# ifconfig ip.tun0 up

on system 2

#ifconfig ip.tun0 plumb
#ifconfig ip.tun0 10.1.1.22 10.1.1.11 \
tsrc 10.1.1.2 tdst 10.1.1.1 encr_algs 3des encr_auth_algs md5
# ifconfig ip.tun0 up

this also gives error on system 2 and no error on system 1.
what might be the problem?

i am very new to this field and have to finish this by tomorrow morning and am
really stuck with these errors. i will be most thankful if you help me out with
this at the earliest.

thanks in advance.
regards,
Sayali Karanjkar
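
The shared-MAC condition the reply describes can be checked directly. The script below is an added example, not part of the original thread: it reads `ifconfig -a` output and reports any MAC address that appears on more than one interface. The interface names, addresses and MAC values in the samples are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ifconfig -a` output on stdin
# and prints one line per MAC address seen on more than one interface:
#   <mac> <if1> <if2> ...
# Assumption: on Solaris 8, run ifconfig as root (ether lines are hidden
# otherwise) and use nawk or /usr/xpg4/bin/awk if plain awk rejects this.
dup_macs() {
    awk '
        # Interface header, e.g. "hme0: flags=1000843<UP,...> mtu 1500"
        /^[^ \t]/ && /flags=/ { split($1, p, ":"); ifc = p[1]; next }
        # MAC line belonging to the most recent header
        $1 == "ether" {
            mac = tolower($2)
            if (count[mac]++ == 0) { order[++n] = mac; ifs[mac] = ifc }
            else ifs[mac] = ifs[mac] " " ifc
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i], ifs[order[i]]
        }'
}

# Constructed sample: two NICs on one subnet, both showing the system-wide
# MAC from NVRAM (the local-mac-address?=false case).
SAMPLE_SHARED='lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.1.1.1 netmask ffffff00 broadcast 10.1.1.255
        ether 8:0:20:a1:b2:c3
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 10.1.1.3 netmask ffffff00 broadcast 10.1.1.255
        ether 8:0:20:a1:b2:c3'

# Constructed sample: the same host with each NIC using its own address.
SAMPLE_LOCAL='hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.1.1.1 netmask ffffff00 broadcast 10.1.1.255
        ether 8:0:20:a1:b2:c3
qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 10.1.1.3 netmask ffffff00 broadcast 10.1.1.255
        ether 8:0:20:d4:e5:f6'

echo "shared-MAC sample:"; printf '%s\n' "$SAMPLE_SHARED" | dup_macs
echo "per-NIC sample:";    printf '%s\n' "$SAMPLE_LOCAL"  | dup_macs
```

On a live host, pipe the real output through the function (`ifconfig -a | dup_macs`) and compare the result with the current `local-mac-address?` value reported by eeprom.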


