On Wed, 5 Apr 2006, Karl Kopp wrote: > crypto isakmp policy 10 > encr 3des > hash md5 > authentication pre-share > group 2
Last time I tried, I had to specify an explicit lifetime for the phase 1 policy here. > run isakmpd -K -d, then ipsecctl -f /etc/ipsec.conf and get: > > 170525.073348 Default message_recv: invalid cookie(s) 03af03aac4e7f22f > 9c282b0073a7218f > 170525.073424 Default dropped message from 202.1.1.30 port 500 due to > notification type INVALID_COOKIE You really need to turn up debugging to figure this out. -d
