Subject: racoon interoperability
To: None <tech-net@netbsd.org>
From: Hendra Widarta <hwidarta@yahoo.com>
List: tech-net
Date: 04/20/2002 09:22:57
Hi,
I've made an IPSec interoperability test.
I hope this information can be useful for us,
especially for racoon users.
My PC runs NetBSD 1.5.2 (i386) + racoon-20011215a
BTW, I don't understand why NULL encryption fails to interoperate
with other devices, although phase-1/phase-2 are done and the SA is
established. Tcpdump receives the ESP protocol at the WAN interface,
but no packets at the LAN interface.
The SonicWall log shows...
"phase-1 & phase-2 done; ipsec Authentication failed"
Does anybody know? Any suggestions?
thanks,
hendra
===========
Tunnel mode, ESP
phase1: main mode + dh1 + DES + MD5 + PSK
phase2: NoPFS
vs. NetScreen-100
NULL+MD5 : fail
DES+MD5 : pass
DES+SHA1 : pass
3DES+MD5 : pass
3DES+SHA1: pass
vs. NetScreen-204
NULL+MD5 : fail
DES+MD5 : pass
3DES+MD5 : pass
3DES+SHA1: pass
vs. SonicWall Pro300
NULL+MD5 : fail
DES+MD5 : pass
3DES+MD5 : pass
3DES+SHA1: pass
vs. RapidStream 6000
NULL+MD5 : fail
DES+MD5 : pass
3DES+MD5 : pass
3DES+SHA1: pass
vs. Intrusion PDS5515 (CheckPoint VPN-1 & Firewall-1 NG)
NULL+MD5 : fail
DES+MD5 : pass
DES+SHA1 : pass
vs. Cisco PIX525 (v6.1)
NULL+MD5 : fail
DES+MD5 : pass
DES+SHA1 : fail
Note:
a) pass: ping & ftp service
b) 3DES is disabled (Intrusion and Cisco PIX)
===========