Koozali.org: home of the SME Server

How to configure IPsec tunnel between SME and Linksys RV042

bbialy
« on: November 10, 2008, 11:29:30 AM »
Hello,
I have a problem configuring an IPsec tunnel between SME and RV042.

My config diagram looks like this:

192.168.88.0/24  ----SME---12.13.14.15---I-net----15.14.13.12---RV042---192.168.77.0/24
LAN 1                     public fix IP          public fix IP          LAN2


Configuration of the IPsec tunnel on SME, based on the IPsec howto:

/etc/sysconfig/network-scripts/ifcfg-ipsec0
Code:
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
DSTNET=192.168.77.0/24
SRCNET=192.168.88.0/24
SRCGW=12.13.14.1
DST=15.14.13.12

/etc/sysconfig/network-scripts/keys-ipsec0
Code:
IKE_PSK=acbdef

On the Linksys I have the VPN configured like this:

Tunnel No.   1
tunnel name test
Local Security Gateway Type  IP ONLY
IP address  15.14.13.12
Local Security Group Type subnet
IP address 192.168.77.0
Subnet Mask 255.255.255.0

Remote Security Gateway Type  IP Only
IP address 12.13.14.15
Remote Security Group Type Subnet
IP address 192.168.88.0
Subnet Mask 255.255.255.0

IPSec Setup     

Keying Mode IKE with Preshared key
Phase1 DH Group Group2
Phase1 Encryption 3DES
Phase1 Authentication SHA1
Phase1 SA Life Time 28800  seconds
Perfect Forward Secrecy CHECKED 
Phase2 DH Group Group2
Phase2 Encryption 3DES
Phase2 Authentication SHA1
Phase2 SA Life Time 3600 seconds
Preshared Key abcdef

Advanced
Aggressive Mode  UNCHECKED
Compress (Support IP Payload Compression Protocol(IPComp)) UNCHECKED
Keep-Alive CHECKED
AH Hash Algorithm UNCHECKED
NetBIOS broadcast CHECKED
NAT Traversal CHECKED
Dead Peer Detection (DPD)   CHECKED Interval seconds 10


In the SME log files it looks like this:
Code:
Nov  8 16:00:50 beton racoon: INFO: respond new phase 1 negotiation: 12.13.14.15[500]<=>15.14.13.12[500]
Nov  8 16:00:50 beton racoon: INFO: begin Identity Protection mode.
Nov  8 16:00:51 beton racoon: INFO: ISAKMP-SA established 12.13.14.15[500]-15.14.13.12[500] spi:74870814b9c5c503:a18ac53c8b7a5b7d
Nov  8 16:00:51 beton racoon: INFO: respond new phase 2 negotiation: 12.13.14.15[0]<=>15.14.13.12[0]
Nov  8 16:00:51 beton racoon: ERROR: not matched
Nov  8 16:00:51 beton racoon: ERROR: no suitable policy found.
Nov  8 16:00:51 beton racoon: ERROR: failed to pre-process packet.
Nov  8 16:01:00 beton racoon: INFO: purged ISAKMP-SA proto_id=ISAKMP spi=74870814b9c5c503:a18ac53c8b7a5b7d.
Nov  8 16:01:00 beton racoon: INFO: respond new phase 1 negotiation: 12.13.14.15[500]<=>15.14.13.12[500]
Nov  8 16:01:00 beton racoon: INFO: begin Identity Protection mode.
Nov  8 16:01:01 beton racoon: INFO: ISAKMP-SA deleted 12.13.14.15[500]-15.14.13.12[500] spi:74870814b9c5c503:a18ac53c8b7a5b7d
Nov  8 16:01:10 beton racoon: INFO: ISAKMP-SA established 12.13.14.15[500]-15.14.13.12[500] spi:a292f4e96a2488a1:a85ccf89e21d731d
Nov  8 16:01:10 beton racoon: INFO: respond new phase 2 negotiation: 12.13.14.15[0]<=>15.14.13.12[0]
Nov  8 16:01:10 beton racoon: ERROR: not matched
Nov  8 16:01:10 beton racoon: ERROR: no suitable policy found.
Nov  8 16:01:10 beton racoon: ERROR: failed to pre-process packet.
Nov  8 16:01:20 beton racoon: INFO: respond new phase 2 negotiation: 12.13.14.15[0]<=>15.14.13.12[0]
Nov  8 16:01:20 beton racoon: ERROR: not matched
Nov  8 16:01:20 beton racoon: ERROR: no suitable policy found.
Nov  8 16:01:20 beton racoon: ERROR: failed to pre-process packet.

I do not know what else I should configure.
I think that the clue is:
Nov  8 16:00:51 beton racoon: INFO: respond new phase 2 negotiation: 12.13.14.15[0]<=>15.14.13.12[0]
Nov  8 16:00:51 beton racoon: ERROR: not matched

But which parameter is not matched?

bbialy
Reading with understanding is the hardest thing IN THE WORLD
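
Added example, not part of the original post: a mirror check of the tunnel settings shown above, since each end's local subnet and gateway must be the other end's remote ones and the pre-shared key must be identical. The values are copied as posted; the dictionary keys for the RV042 side and the check names are hypothetical labels.

```python
import ipaddress

# Both SME files from the post (ifcfg-ipsec0 and keys-ipsec0), values as posted.
SME_FILES = """\
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
DSTNET=192.168.77.0/24
SRCNET=192.168.88.0/24
SRCGW=12.13.14.1
DST=15.14.13.12
IKE_PSK=acbdef
"""
# RV042 settings from the post; key names are hypothetical labels.
# remote_gw is kept for reference only: the posted SME files do not state
# the SME's own public address, so there is nothing to compare it with.
RV042 = {
    "local_gw": "15.14.13.12",
    "local_net": ("192.168.77.0", "255.255.255.0"),
    "remote_gw": "12.13.14.15",
    "remote_net": ("192.168.88.0", "255.255.255.0"),
    "psk": "abcdef",
}

def parse_ifcfg(text):
    """Parse KEY=VALUE lines as used in ifcfg-* and keys-* files."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def net(addr, mask=None):
    """Normalise CIDR or address + netmask notation to one network object."""
    return ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=True)

def mirror_check(sme, rv):
    """Return the names of settings where the two ends do not mirror each other."""
    checks = {
        "peer address": ipaddress.ip_address(sme["DST"])
                        == ipaddress.ip_address(rv["local_gw"]),
        "SME local subnet": net(sme["SRCNET"]) == net(*rv["remote_net"]),
        "SME remote subnet": net(sme["DSTNET"]) == net(*rv["local_net"]),
        "pre-shared key": sme["IKE_PSK"] == rv["psk"],
    }
    return [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    for name in mirror_check(parse_ifcfg(SME_FILES), RV042):
        print("differs as posted:", name)
```

Run against the values as posted, it reports only the pre-shared key strings as differing. The phase 1 and phase 2 proposal settings on the SME side are not visible in the post, so they are not compared.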