Hi,
I have two MT routers:
the first is a 2011UAL running ROS 6.7, the second one a 951G-2HnD running ROS 6.7.
I tried to set up an IPsec tunnel as follows:
Device One
Peer: 1.1.1.2/24:500, Main Mode, aes-128/sha1, pfs modp2048, proposal check obey, 1d lifetime, 60s dpd. Authentication is RSA Keys.
Proposal: aes-128/sha1, pfs modp1024, lifetime 30m.
Policies: Src 10.255.255.253/32, Dst 10.255.255.254/32, protocol all, action encrypt, level require, protocol ESP (Tunnel). SA Src 1.1.1.1, SA Dst 1.1.1.2.
Device Two
Peer: 1.1.1.1/24:500, Main Mode, aes-128/sha1, pfs modp2048, proposal check obey, 1d lifetime, 60s dpd. Authentication is RSA Keys.
Proposal: aes-128/sha1, pfs modp1024, lifetime 30m.
Policies: Src 10.255.255.254/32, Dst 10.255.255.253/32, protocol all, action encrypt, level require, protocol ESP (Tunnel). SA Src 1.1.1.2, SA Dst 1.1.1.1.
Remote Peers shows:
Connection 1.1.1.1 -> 1.1.1.2 is Established (for 2 hours now), PH2 Active 0, PH2 Total 0.
Log tells me:
ISAKMP-SA established
1.1.1.1:500 <-> 1.1.1.2:500
spi: 8dfe************daa8
DPD R-U-There packets are sent every 60 s and are acknowledged in both directions.
I didn't touch the routes so far.
The result should be a UDP-based (IPsec-based) tunnel between Router One and Router Two.
The 10.255.255.n/32 addresses are loopback addresses assigned to an empty bridge.
Can anyone help me get Phase 2 up, please?
Regards,
redflag237
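An added example, not from the post or from RouterOS: it encodes the two configurations described above (field names are this example's own) and checks that the two sides mirror each other the way a pair of IPsec peer/proposal/policy entries must, and whether a packet between the two loopback addresses falls inside the policy selector, which is the event that triggers a Phase 2 negotiation.

```python
"""Mirror check for a pair of site-to-site IPsec configurations."""
import ipaddress

# Constructed from the post's description of the two routers; the field
# names below are this example's own, not RouterOS parameter names.
DEVICE_ONE = {
    "peer": {"address": "1.1.1.2", "exchange": "main", "enc": "aes-128",
             "hash": "sha1", "dh": "modp2048", "auth": "rsa"},
    "proposal": {"enc": "aes-128", "hash": "sha1", "pfs": "modp1024", "lifetime_min": 30},
    "policy": {"src": "10.255.255.253/32", "dst": "10.255.255.254/32", "proto": "all",
               "mode": "tunnel", "sa_src": "1.1.1.1", "sa_dst": "1.1.1.2"},
}
DEVICE_TWO = {
    "peer": {"address": "1.1.1.1", "exchange": "main", "enc": "aes-128",
             "hash": "sha1", "dh": "modp2048", "auth": "rsa"},
    "proposal": {"enc": "aes-128", "hash": "sha1", "pfs": "modp1024", "lifetime_min": 30},
    "policy": {"src": "10.255.255.254/32", "dst": "10.255.255.253/32", "proto": "all",
               "mode": "tunnel", "sa_src": "1.1.1.2", "sa_dst": "1.1.1.1"},
}


def mirror_issues(a, b):
    """Return a list of mismatches between two sides; an empty list means they mirror."""
    issues = []
    # Phase 1 (peer) and Phase 2 (proposal) parameters must be identical on both ends.
    for section in ("peer", "proposal"):
        for field in a[section]:
            if field != "address" and a[section][field] != b[section].get(field):
                issues.append(f"{section}.{field}: {a[section][field]} != {b[section].get(field)}")
    pa, pb = a["policy"], b["policy"]
    # Traffic selectors and SA endpoints must be swapped, not copied, between sides.
    for x, y in (("src", "dst"), ("sa_src", "sa_dst")):
        if pa[x] != pb[y] or pa[y] != pb[x]:
            issues.append(f"policy {x}/{y} are not swapped between the two sides")
    # Each side's peer address must be the other side's SA source address.
    if a["peer"]["address"] != pb["sa_src"] or b["peer"]["address"] != pa["sa_src"]:
        issues.append("peer address does not point at the other side's SA source")
    if pa["proto"] != pb["proto"] or pa["mode"] != pb["mode"]:
        issues.append("policy protocol or mode differs between the two sides")
    return issues


def policy_matches(policy, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip falls inside the policy's traffic selector."""
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(policy["src"])
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(policy["dst"]))


if __name__ == "__main__":
    print("issues:", mirror_issues(DEVICE_ONE, DEVICE_TWO))
    print("loopback-to-loopback matches policy:",
          policy_matches(DEVICE_ONE["policy"], "10.255.255.253", "10.255.255.254"))
```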