IPSec Phase2 SA not establishing

Hi,

I have two MT Routers,
first is 2011UAL ROS6.7, second one is 951G-2HnD ROS6.7.

Tried to set up an IPSec tunnel as follows:
Device One
Peer: 1.1.1.2/24:500, Main Mode, aes-128/sha1, pfs modp2048, proposal check obey, 1d lifetime, 60s dpd. Authentication is RSA Keys.
Proposal: aes-128/sha1, pfs modp1024, lifetime 30m.
Policies: Src 10.255.255.253/32, Dst 10.255.255.254/32, protocol all, action encrypt, level require, protocol ESP (Tunnel). SA Src 1.1.1.1, SA Dst 1.1.1.2.

Device Two
Peer: 1.1.1.1/24:500, Main Mode, aes-128/sha1, pfs modp2048, proposal check obey, 1d lifetime, 60s dpd. Authentication is RSA Keys.
Proposal: aes-128/sha1, pfs modp1024, lifetime 30m.
Policies: Src 10.255.255.254/32, Dst 10.255.255.253/32, protocol all, action encrypt, level require, protocol ESP (Tunnel). SA Src 1.1.1.2, SA Dst 1.1.1.1.

Remote Peers tells:
Connection 1.1.1.1 → 1.1.1.2 is Established since 2 hours, PH2 Active 0, PH2 Total 0.

Log tells me:
ISAKMP-SA established
1.1.1.1:500 ↔ 1.1.1.2:500
spi: 8dfe************daa8

DPD R-U-There packets are sent every 60s and get an Ack, and vice versa.
I didn’t touch the routes so far.
The result should be a UDP-based (IPSec-based) tunnel between Router One and Router Two.
The 10.255.255.n/32 addresses are looplocal addresses that are assigned to an empty bridge.

Can anyone help me to get the Phase2 up, please?

Regards,

redflag237

Hi,

I’ve made a new screenshot; maybe my information was not enough for debugging.
Can someone help me, please?
ipsec-failure-log.jpg
ipsec-remote-peer.jpg

Okay, solved right now.
It was that stupid kind of testing error.

Proposals only get active when the corresponding traffic is being sent.

Regards,

redflag237