ipsec on Solaris 8

Hi,

I am trying to setup ipsec between two Sun servers running Solaris 8. I've pretty much followed the entire documentation available on the Sun Website to set this up. However, I've not been too successful. I keep getting the following error message every time I try to ping from the second node to the primary node.

Apr  4 12:36:08 hostname ipsecah: [ID 368763 kern.error] ah_inbound_v4 : No association found, spi=0x1001 ,dst addr a502606.

Can someone throw more light on what I've not done correctly ?

Thanks
LVL 1
hbsharpAsked:
Who is Participating?
 
hbsharpAuthor Commented:
Hi,

We figured out what the problem was. It was just that we were missing a couple of packages required for ipsec to work. So, if you encounter problems setting up IPSEC, please check to ensure that you have the following packages installed,

SUNWcr
SUNWcrx

Thanks
0
 
keieCommented:
Did you notify the kernel of the SPI's you are using?
 
init script contents:
      if [ -f /etc/inet/ipseckeys ] ; then
                /usr/sbin/ipseckey -f /etc/inet/ipseckeys
      f

ipseckeys contents for esp encryption:
add esp spi 0x3000 src W.X.Y.Z dst w.x.y.z\
auth_alg md5 encr_alg des \
authkey hexhexhexhexhexhexhexhexhexhexhex \
encrkey hexhexhexhexhexh
add esp spi 0x3001 src w.x.y.z dst W.X.Y.Z \
auth_alg md5 encr_alg des \
authkey hexhexhexhexhexhexhexhexhexhexhex \
encrkey hexhexhexhexhexh
0
 
hbsharpAuthor Commented:
I am trying to a very basic setup initially. My ipseckeys looks very similar to the one suggested by you. However, I am not using md5 as my auth_alg. I'll try out your suggestion and will update the site.

Thanks for your time.
0
 
hbsharpAuthor Commented:
Hi Yuzh,

That woud be great. Thanks for your help.

Regards,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.