[SunHELP] ipsec config please help

Mon Aug 20 03:02:27 CDT 2001

Hi all, 

I need some help for this ipsec tunnel configuration that i am trying to 
implement. this is really urgent and i hope you all will help me out
with this. 

I have configured ipsec by using the command 'ipsec' at the command
prompt and 
then the configuration being done at the ipsec command prompt :ipsec> 
so how do i know where the ipseckey file is and how do i check it? 

also the configuration needs a tunnel src address and tunnel dest
address. which 
addresses are these? i have two systems which are sparc machines running
the 
solaris 8 core administration package and they are connected via a
private 
network. one machine is 10.1.1.1 and the other is 10.1.1.2. so these are
the two 
system addresses right and then which are the tunnel addresses? 

i have given the command 

on system 1

ipsec> add esp spi 0x2112 src 10.1.1.1 dst 10.1.1.2\
authalg md5 authkey 123456aa123456bb123456cc123456dd \
encralg 3des encrkey 789000ee789000ff 

on system 2 

ipsec> add esp spi 0x2113 src 10.1.1.2 dst 10.1.1.1\
authalg md5 authkey 654321aa654321bb654321cc654321dd \
encralg 3des encrkey 000789ee000789ff

and after this the command on system 1 gave no error but the one on
system gives 
error saying that one of the values entered is incorrect. return message
in 
doaddup.invalid argument. 
what causes this problem? 

after that i tried to configure the secure tunnel..by giving the foll.
commands. 

on system 1

#ifconfig ip.tun0 plumb 
#ifconfig ip.tun0 10.1.1.11 10.1.1.22 \
tsrc 10.1.1.1 tdst 10.1.1.2 encr_algs 3des encr_auth_algs md5 
# ifconfig ip.tun0 up 

on system 2

#ifconfig ip.tun0 plumb 
#ifconfig ip.tun0 10.1.1.22 10.1.1.11 \
tsrc 10.1.1.2 tdst 10.1.1.1 encr_algs 3des encr_auth_algs md5 
# ifconfig ip.tun0 up 

this also gives error on system 2 and no error on system 1. 
what might be the problem? 

i am very new to this field and have to finish this by tomorrow morning
and am 
really stuck with these errors. i will be most thankful if you help me
out with 
this at the earliest.

thanks in advance.
regards,
Sayali Karanjkar
-- 
Sayali