hbsharp
asked on
ipsec on Solaris 8
Hi,
I am trying to setup ipsec between two Sun servers running Solaris 8. I've pretty much followed the entire documentation available on the Sun Website to set this up. However, I've not been too successful. I keep getting the following error message every time I try to ping from the second node to the primary node.
Apr 4 12:36:08 hostname ipsecah: [ID 368763 kern.error] ah_inbound_v4 : No association found, spi=0x1001 ,dst addr a502606.
Can someone throw more light on what I've not done correctly ?
Thanks
I am trying to setup ipsec between two Sun servers running Solaris 8. I've pretty much followed the entire documentation available on the Sun Website to set this up. However, I've not been too successful. I keep getting the following error message every time I try to ping from the second node to the primary node.
Apr 4 12:36:08 hostname ipsecah: [ID 368763 kern.error] ah_inbound_v4 : No association found, spi=0x1001 ,dst addr a502606.
Can someone throw more light on what I've not done correctly ?
Thanks
ASKER
I am trying to a very basic setup initially. My ipseckeys looks very similar to the one suggested by you. However, I am not using md5 as my auth_alg. I'll try out your suggestion and will update the site.
Thanks for your time.
Thanks for your time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Yuzh,
That woud be great. Thanks for your help.
Regards,
That woud be great. Thanks for your help.
Regards,
init script contents:
if [ -f /etc/inet/ipseckeys ] ; then
/usr/sbin/ipseckey -f /etc/inet/ipseckeys
f
ipseckeys contents for esp encryption:
add esp spi 0x3000 src W.X.Y.Z dst w.x.y.z\
auth_alg md5 encr_alg des \
authkey hexhexhexhexhexhexhexhexhe
encrkey hexhexhexhexhexh
add esp spi 0x3001 src w.x.y.z dst W.X.Y.Z \
auth_alg md5 encr_alg des \
authkey hexhexhexhexhexhexhexhexhe
encrkey hexhexhexhexhexh