Comments:
<0> good!
<0> and are you in pyjamas?
<0> msdn live?
<1> morning robe
<1> msdn = Microsoft Developer Network
<0> aah
<1> MSDN Live is conferences they have every now and then where there are technical sessions and we get a peek into whats new and will be out any second
<0> I see
<1> plus, as a MCT I am invited to closed sessions with free food and beer
<0> nice food?
<1> sometimes
<1> it has been crap at occasions too :P
<0> but it's worth getting out of your morning robe?
<2> "Emergency! Batteries have failed on UPS ups1 . Change them NOW" yeah I know.. STFU.
<3> yoz: bad batteries, or overloaded UPS?
<1> mikaa: well. its either that or show up at the office
<1> mikaa: and when I have nothing real to do, I know what I prefer
<0> on sunday??
<1> well. the food and all that is on MSDN Live, which is tomorrow
<1> Im still in my morning robe
<0> aah, I see
<2> wlfshmn: both. :/
<4> maximising firm value versus maximising stockholder interests
<4> but right now I think I'll exercise a bit.. joining in for a jog, Jostein ?
<1> nope
<4> yeah yeah, too much energy et cetera, alien bla bla, I know..
<1> Like just mentioned, Im in my morning robe here and very comfy
<4> Jostein: at least I got to clean up my apartment a bit. with you messing it up yesterday, and everything :p
<1> yeah
<1> real mess
<1> I was thinking about vacuuming mine. some time after I bother go showering
<1> maybe even wash some clothes and stuff
<4> believe it or not it is actually quite a lot cleaner now, washed over the kitchen and cleaned the sink, stove et cetera
<4> and got rid of some empty beer, wine and tonic bottles
<1> I need to do that too
<5> poof
<1> have way too many old wine bottles around
<5> re JJ, KF
<1> qunaN
<4> heya
<5> now I get to compile Xorg
<4> Jostein: maybe time to change out my office chair too? I have the new one packed up after all :p
<4> Qunan: always fun
<4> Qunan: which version?
<5> K_F: whatever ships
<4> hehe
<5> K_F: actually, I should compile a new version of gcc
<5> K_F: NetBSD 3.1 still ships with 3.3.3
<5> K_F: Or, I could just install FreeBSD 6.2
<5> it ****s less, now, I hear
<4> Qunan: I've made it a rule to never upgrade a computer while sober
<4> works better otherwise
<5> K_F: I'm not ;)
<5> K_F: well I just polished off one b33r
<5> db2
<5> Falchion
<6> qun
<5> o.O
<6> That's called "smiling", doggiebert
<7> heh...I can smile with my butt!
<4> anyone have any music by Sara Gazarek?
<4> seems like she is in the void, but actually listened to some decent music from her the other day
<7> not I...
<7> ph33r my wrt-fu
<8> hmm.. anyone here running a pix with more than one ipsec tunnel?
<7> not offhand, what are you trying to do
<7> whazzup, schitzo?
<8> trying to find out if somebody ****ed up, care to check a config/log snippet for me? i dont know squat about pix config
<7> put something in pastebin, can't promise I can fix it...
<8> http://members.easyline.at/~joebstl/ipsec/pix515.txt - to my understanding the policy has a priority of 40 but the log says priority 30 matches, so i guess something might be wrong
<8> both sides basically return a psk mismatch
<7> well, the way the thing works, the first match it finds will be the one it uses (both sides pix <-> pix or client <-> pix will search to find a parameter match)...is this a site to site vpn?
<8> yeah, pix515 (no access to that one) to a fortigate 50
<8> but there it should say that it matched policy 40 and not 30, or do i understand that wrong?
<5> tojoe: a fornicate?
<8> huh?
<5> tojoe: a fornicate 50?
<7> that means policy 30 is the one it's params found acceptable, doesn't MEAN that the PSK for the exchange matches on BOTH sides however...
<8> Qunan fortigate
<7> params acceptable to set up the VPN/IPsec tunnel, that is
<9> uh
<9> is your 30 map defined with the same peer ip?
<9> because thats not supposed to happen
<8> dogbert2 but according to the config snippet above it should actually match 40, not?
<7> yeah, that would cause a problem also (just woke up, no coffee/soda in the house)
<9> tojoe: can we see the 30 map?
<8> D-side i dont have access to the pix
<9> well thats a problem.
<8> i just got the relevant config snippet and a log
<9> unfortunately theres more than what you've got thats relevant.
<7> my advice, you'll need someone at both places to troubleshoot at the same time...
<9> thats not just advice, thats fact.
<9> why thank you kind sir. heh
<8> thats no real problem, besides finding the time
<7> well, you'll have to make the time...btw, if you have PIXen, might take a look at getting ASDM and installing it, makes setting up VPN stuff (and most other things) quite easy (IMO)
<9> tojoe: probably cause: crypto map $whatevername 30 set peer x.y.205.82
<8> how are the crypto map and the isakmp policy linked? same priority is for the same tunnel?
<9> actually, thats what i meant.
<9> er, does this fail on phase 1 or 2?
<8> phase 1, psk mismatch
<7> tojoe, another thing, there is a book by Richard Dean which tells you how to do everything with a PIXen (amazon search), I'd recommend buying it...explains shot in plain english
<7> well, a PSK mismatch is a problem
<9> where are you getting the "matching 30" stuff?
<8> ISAKMP (0): Checking ISAKMP transform 1 against priority 30 policy
<7> you can't process interesting traffic via match/acls until everything checks out in phase 1 and you go to phase 2
<8> and a few lines below it says ISAKMP (0): atts are acceptable. Next payload is 0
<9> and thats the log from the pix, right?
<8> yep
<7> http://members.easyline.at/~joebstl/ipsec/pix515.txt
<7> there it is, D-side
<9> so then its simple. the guy at the pix end has the same peer address set for isakmp policies 30 and 40
<9> so since it goes top-down, it matched 30 first, which has the wrong psk
<8> great, that's what i wanted to verify
<7> yeah...it goes in order until it finds a match...matches the first thing, and stops :)
<10> re
<7> D-side, you'd think cisco would fix that so it reads your mind :)
<8> nah, doesnt need a mindreader, just a backdoor so i can get access and check/configure it myself
<9> dogbert2: actually, cisco just expects the admin to not be a fool
<9> dogbert2: :)
<9> tojoe: now i can't guarantee thats the problem, but i'd be pretty surprised if it wasn't.
<7> tojoe, get that book also
<9> i think *I* might even look for that book. :)
<7> D-side, if i'm in a hurry, I use ASDM to set up site to site VPNs
<9> dogbert2: asdm?
<7> GUI https client or java i/f for the PIXen (available for 6.3 or better)
<11> light version of BDSM
<7> allows full GUI control and setup of PIXen
<9> like PDM?
<7> if you have CCO, you can d/l and install
<7> yeah...
<9> sure i've got a CCO login, but i damn well refuse to use a gui for a pix. :)
<7> D-side, I said if i'm in a HURRY!
<9> dogbert2: and a saved config in a text file can't be quickly altered and pasted in?! :)
<9> change the peer ips, map #, sa set, POW. heh
<9> i'm just really opposed for a gui to that. its not based on a reasonable argument, since I prefer the juniper netscreen's web gui to its console. :)
<8> dogbert2 unfortunately i dont own any pix (and i dont plan to, either)
<7> 0072225238 is the ISBN for that PIXen book...excellent for novices and advanced people
<9> tojoe: its not the end-all-be-all firewall people make it out to be.
<9> dogbert2: i was just looking for that.
<7> D-side...nodz..
<12> hello anyone know tcp wrappers
<7> what is wrong with tcp wrappers (have used it in a bazillion years, mind you)