ike problem building a vpn between cisco and solaris

Archived from groups: comp.dcom.vpn (More info?)

Hi ,

I am trying to connect a cisco 3600 and a solaris machine using
ipsec-ike and pre-shared keys .
First tests between 2 suns were ok , but when cisco now is trying to
establish the connnection , there is an error during ike phase 2 quick
mode negociation .
I don't know why ....

Can anyone have an idea about the possible reason ?
Has anyone tried successfully do do this type of tunnel ?

Thanks by advance

here is an extract of logs :

Tue Nov 23 19:01:14 2004: /usr/lib/inet/in.iked: construct_local_id
Tue Nov 23 19:01:14 2004: /usr/lib/inet/in.iked: construct_local_id:
ipv4(any:0,[0..4]=$SUN_IP)
Tue Nov 23 19:01:14 2004: /usr/lib/inet/in.iked: xchg_type=2, 1 xforms.
Tue Nov 23 19:01:14 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_request_vendor_ids pm_info == ed138.
Tue Nov 23 19:01:14 2004: /usr/lib/inet/in.iked: Non-NULL new
negotiation! Get back to work!
Tue Nov 23 19:01:14 2004: /usr/lib/inet/in.iked: Waiting for IKE results.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_vendor_id.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_nonce_data_len.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_vendor_id.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_vendor_id.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_vendor_id.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_vendor_id.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_find_pre_shared_key.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_vendor_id.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In Phase 1 notify!
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: alloc_spi: invoked for
f0ca0
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: pfkey_request: queueing
seq 43 type 1/GETSPI satype 3/ESP
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: tx_req: posting seq 43
type 1/GETSPI satype 3/ESP
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: pf_key_handler: got pid
24018 seq 43 type 1/GETSPI sa 3/ESP errno 0 diag 0
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: handle_reply: got seq
43 type 1/GETSPI satype 3/ESP
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: alloc_spi: invoked for
f0ca0
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: alloc_spi: getspi 0th
prot, 0th prop, 0th SA
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_qm_nonce_data_len.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_phase_ii_sa_freed.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: local_ip = $SUN_IP,
remote_ip = $CISCO_IP,
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: Quick Mode negotiation
failed: Aborted notification.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: local_ip = $SUN_IP,
remote_ip = $CISCO_IP,
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: local_i_id =
ipv4_subnet(ipip:0,[0..8]=0.0.0.0/0), local_r_id = No Id,
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: remote_i_id =
ipv4_subnet(ipip:0,[0..8]=0.0.0.0/0), remote_r_id = No Id,
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: Phase 2 error: Aborted
notification.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In ssh_policy_qm_sa_freed.
Tue Nov 23 19:01:15 2004: /usr/lib/inet/in.iked: In
ssh_policy_isakmp_sa_freed. Clobbering phase1 instance
Tue Nov 23 19:01:37 2004: /usr/lib/inet/in.iked: In delete_ike_server()