SunScreen Remote Admin setup error

• Previous message: meningo: "Re: how to block IP-address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Techniq" <techniq@dndlabs.net>
Date: Mon, 10 Mar 2003 08:10:42 GMT

I running Solaris9 (12/02) with SunScreen 3.2 installed. I'm trying to
setup a remote admin station using IKE. The problem i experience is that
when I go to add an access rule for Remote Administration I set the
following for "Remote Access Rules":

Encryption: IPSEC_IKE
Algorithms=>
        ESP: DES MD5
        AH: NONE
        IKE=>
                Encryption Algo: DES
                Hash Algo: MD5
                Oakley Grp: 1
                Auth Method: RSA Sigs
                Src Cert: IKE root CA certificates

The problems occurs when I go to verify policy and I receive the following:

[...snip...]
Error: a rule in the policy uses IPsec encryption algorithm MD5, but this
algorithm isnot installed on the system. Please install this algorithm
from the package Error: "ACCESS" refers to undefined ALGORITHM:"".
compile error
compile error
[...snip...]

That was word for word. If I change the ESP algorithm to DES SHA1 I get the
same msg, but replacing MD5 with SHA1.

modinfo returns the following for MD5 & SHA1 modules:
techniq@trinity:~> modinfo | awk '/(MD5|SHA)/ {print}'
 34 11e80ce 107d - 1 md5 (MD5 Message-Digest Algorithm)
121 13e67be 1b66 - 1 sha1 (SHA1 Message-Digest Algorithm)
125 7807d7dd 6f1 24 1 authmd5h (MD5-HMAC algorithm 1.5)
126 13e9746 6f1 25 1 authsha1 (SHA1-HMAC algorithm 1.7)

And the md5 executable can be found in /usr/sbin:
techniq@trinity:~> file /usr/sbin/md5
/usr/sbin/md5: ELF 32-bit MSB executable SPARC Version 1, dynamically
linked, not stripped

Can anyone tell me what I am missing or why these errors are being
generated???

• Previous message: meningo: "Re: how to block IP-address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Mass deployment of security tools ... I know that NetSupport Manager allows remote installs and such; ... Original> I have been tasked with a project of installing various security ... Original> I want to install a number of security applications to windows ... Our program offers unparalleled Infosec management ... (Security-Basics) RE: Remote Desktop failure post SP1 ... > information on the way to install SP1? ... I need to the know when the error message "The connection to the remote ... When you setting up VPN connection. ... (microsoft.public.windows.server.sbs) Re: ActiveSync 3.7 / 3.8 unable to dial in remotely via RAS when PC networked ... It was the other XP Pro machines I upgraded to SP2 from CD. ... to implement our system there including the Remote Dial-up for the iPAQ - I ... > The computer is running XP Pro and was a virgin install. ... > It was updated to SP2 via CD as it has never had Internet access in this ... (microsoft.public.pocketpc.activesync) Re: Installing SMS 2.0 on a 2003 Server ... I am unsure about what you are talking about when you say "Remote ... Terminal Services (Heck if we insist that is it installed, ... "Roger Crawford" wrote in message ... Then it gives me the error> that it has detected that Terminal Server is running and this needs to be in> intsall mode. ... (microsoft.public.sms.setup) Re: Changing from App mode to Remote Admin mode via registry ... applications on the terminal server. ... Remote admin mode is simply activated by going ... Microsoft MVP - Terminal Server ... We'd like to do this because our application doesn't install right now in ... (microsoft.public.windows.terminal_services)