Le samedi 04 juin 2005 C 01:18 +0200, Romain GAILLEGUE a C)crit :
> Hello
>
> I think i have a problem with ipsec :)
> if someone see something wrong ?
>
> -------------
> #!/bin/ksh
> LOCAL=172.31.31.20
> REMOTE=172.31.31.1
> KEY=93a623705ff3ab06e06b66180c78e998865f31d6
>
> ipsecadm flush
>
> ipsecadm new esp -src $LOCAL -dst $REMOTE -spi 1001 -enc blf -key $KEY
> ipsecadm new esp -src $REMOTE -dst $LOCAL -spi 1000 -enc blf -key $KEY
>
> ipsecadm flow -proto esp -src $LOCAL -dst $REMOTE -require -out -addr
> $LOCAL/32 $REMOTE/32
> ipsecadm flow -proto esp -src $REMOTE -dst $LOCAL -require -in -addr
> $REMOTE/32 $LOCAL/32
>
> -------------
> ping 172.31.31.1 on 172.31.31.20.. n
>
> -------------
> tcpdump on 172.31.31.1
> # tcpdump -qni vr1 esp
> tcpdump: listening on vr1, link-type EN10MB
> 00:58:54.536190 esp 172.31.31.20 > 172.31.31.1 spi 0x00001000 seq 16 len
> 104
> 00:58:55.567066 esp 172.31.31.20 > 172.31.31.1 spi 0x00001000 seq 17 len
> 104
> 00:58:56.595142 esp 172.31.31.20 > 172.31.31.1 spi 0x00001000 seq 18 len
> 104
> 00:58:57.564902 esp 172.31.31.20 > 172.31.31.1 spi 0x00001000 seq 19 len
> 104
> 00:58:58.586613 esp 172.31.31.20 > 172.31.31.1 spi 0x00001000 seq 20 len
> 104
>
> Thanks !
Thanks to Hans-Joerg Hoexer
it's :
ipsecadm flow -proto esp -src $LOCAL -dst $REMOTE -require -out -addr \
$LOCAL/32 $REMOTE/32
ipsecadm flow -proto esp -src $LOCAL -dst $REMOTE -require -in -addr \
$REMOTE/32 $LOCAL/32
Romain
--
Romain GAILLEGUE <[EMAIL PROTECTED]>
