[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(racoon 782) WARNING: CR received, ignore it. It should be in other exchange.
- To: racoon@kame.net
- Subject: (racoon 782) WARNING: CR received, ignore it. It should be in other exchange.
- From: Hans Fugal <fugalh@gmail.com>
- Date: Thu, 30 Sep 2004 13:18:30 -0600
- Delivered-to: racoon-archive@kame.net
- Delivered-to: racoon-outgo@kame.net
- Delivered-to: racoon@kame.net
- Reply-to: Hans Fugal <fugalh@gmail.com>
- Sender: owner-racoon@kame.net
I have set up racoon to racoon with certificates and it works well.
Now I'm trying to connect to the Netscreen (NS25) at work, and I get
this from racoon:
2004-09-30 13:10:36: INFO: respond new phase 1 negotiation:
166.70.37.149[500]<=>204.96.22.194[500]
2004-09-30 13:10:36: INFO: begin Identity Protection mode.
2004-09-30 13:10:36: WARNING: CR received, ignore it. It should be in
other exchange.
2004-09-30 13:10:37: INFO: ISAKMP-SA established
166.70.37.149[500]-204.96.22.194[500]
spi:9e12c36584dd26f4:73b86302819aac9c
And then nothing. The netscreen's logs are less verbose, but there is this:
Rejected an IKE packet on ethernet3 from 204.96.22.194:500 to
166.70.37.149:500 with cookies f454d055c4b3642d and b9b0a3f4ccc81cd9
because received a packet with a message ID before Phase 1
authentication was done.
And a little later, this:
PKI: No response for status inquiry for cert with subject name
Email=hfugal@wencor.com,CN=Hans Fugal,OU=IT,O=Wencor West,
Inc.,L=Provo,ST=Utah,C=US,
I tried peers_certfile with no luck.
Am I stuck with psk to the netscreen? (Yes, psk works fine)
--
De gustibus non disputandum est.