I have a host I am trying to set up for IPsec, but I am finding some errors in the log that don't make much sense to me.
The systems are RHEL 5.5 boxes. I followed RHEL's IPsec deployment directions to set up a host-to-host IPsec connection between hosts on two different LANs. One host has a bonded interface. After running tcpdump I don't see any traffic going to the second host.
I restarted networking services and saw this:
Jul 31 14:27:17 n7pg01dimg001imon002 racoon: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
Jul 31 14:27:17 n7pg01dimg001imon002 racoon: INFO: @(#)This product linked OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 (http://www.openssl.org/)
Jul 31 14:27:17 n7pg01dimg001imon002 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=10)
Jul 31 14:27:17 n7pg01dimg001imon002 racoon: INFO: 127.0.0.1[500] used for NAT-T
Jul 31 14:27:17 n7pg01dimg001imon002 racoon: INFO: 10.x.x.x[500] used as isakmp port (fd=11)
Jul 31 14:27:17 n7pg01dimg001imon002 racoon: INFO: 10.x.x.x[500] used for NAT-T
Jul 31 14:54:19 n7pg01dimg001imon002 racoon: INFO: unsupported PF_KEY message REGISTER
Jul 31 14:54:19 n7pg01dimg001imon002 racoon: INFO: unsupported PF_KEY message X_SPDDELETE2
Jul 31 14:54:19 n7pg01dimg001imon002 racoon: INFO: unsupported PF_KEY message REGISTER
Jul 31 14:54:19 n7pg01dimg001imon002 racoon: ERROR: such policy already exists. anyway replace it: 10.x.x.x/x[0] 174.x.x.x/32[0] proto=any dir=out
Jul 31 14:54:19 n7pg01dimg001imon002 racoon: ERROR: such policy already exists. anyway replace it: 10.x.x.x/x[0] 174.x.x.x/32[0] proto=any dir=in
Jul 31 14:54:19 n7pg01dimg001imon002 racoon: ERROR: such policy already exists. anyway replace it: 10.x.x.x/x[0] 174.x.x.x/32[0] proto=any dir=fwd
It's traversing a NAT at one point.
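As an added example (not part of the question and not ipsec-tools code), here is a small Python triage script that parses racoon log lines of the kind shown above into the bound ISAKMP/NAT-T sockets and the replaced SPD entries, then checks the things worth confirming before going back to tcpdump: that an SPD entry selects the peer in all three directions (in, out, fwd), that racoon bound UDP/500 on the address that will source traffic to the peer (the bond's address on the bonded host), and whether anything is listening on UDP/4500, the port racoon opens for NAT-T only when the `listen` section of racoon.conf carries an `isakmp_natt` line. The sample log, hostname and addresses are constructed placeholders (RFC 1918 and RFC 5737 ranges) modelled on the lines in the post; the function names are my own.

```python
import ipaddress
import re

# Constructed sample, modelled on the racoon lines in the post. "hostA",
# 10.0.0.0/24 and 198.51.100.7 are placeholders, not real systems.
SAMPLE_LOG = """\
Jul 31 14:27:17 hostA racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=10)
Jul 31 14:27:17 hostA racoon: INFO: 127.0.0.1[500] used for NAT-T
Jul 31 14:27:17 hostA racoon: INFO: 10.0.0.1[500] used as isakmp port (fd=11)
Jul 31 14:27:17 hostA racoon: INFO: 10.0.0.1[500] used for NAT-T
Jul 31 14:54:19 hostA racoon: INFO: unsupported PF_KEY message REGISTER
Jul 31 14:54:19 hostA racoon: INFO: unsupported PF_KEY message X_SPDDELETE2
Jul 31 14:54:19 hostA racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] 198.51.100.7/32[0] proto=any dir=out
Jul 31 14:54:19 hostA racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] 198.51.100.7/32[0] proto=any dir=in
Jul 31 14:54:19 hostA racoon: ERROR: such policy already exists. anyway replace it: 10.0.0.0/24[0] 198.51.100.7/32[0] proto=any dir=fwd
"""

# "<addr>[<port>] used as isakmp port" / "<addr>[<port>] used for NAT-T"
BIND_RE = re.compile(r"racoon: INFO: (\S+)\[(\d+)\] used (as isakmp port|for NAT-T)")
# "... anyway replace it: <src>[<port>] <dst>[<port>] proto=<p> dir=<d>"
POLICY_RE = re.compile(
    r"such policy already exists\. anyway replace it: "
    r"(\S+)\[(\d+)\] (\S+)\[(\d+)\] proto=(\S+) dir=(\w+)"
)
UNSUPPORTED_RE = re.compile(r"unsupported PF_KEY message (\w+)")


def parse_racoon_log(text):
    """Summarise racoon startup/reload output.

    Returns a dict with the ISAKMP and NAT-T sockets racoon bound, the SPD
    entries it reported replacing (one dict per line, fields as printed) and
    the PF_KEY message types it logged as unsupported (INFO level, non-fatal).
    """
    summary = {"isakmp": set(), "natt": set(), "policies": [], "unsupported": []}
    for line in text.splitlines():
        m = BIND_RE.search(line)
        if m:
            addr, port, what = m.group(1), int(m.group(2)), m.group(3)
            summary["natt" if what == "for NAT-T" else "isakmp"].add((addr, port))
            continue
        m = POLICY_RE.search(line)
        if m:
            summary["policies"].append(
                {"src": m.group(1), "dst": m.group(3),
                 "proto": m.group(5), "dir": m.group(6)}
            )
            continue
        m = UNSUPPORTED_RE.search(line)
        if m:
            summary["unsupported"].append(m.group(1))
    return summary


def _in_net(ip, cidr):
    # strict=False tolerates host bits set in a selector such as 10.0.0.1/24
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def peer_directions(summary, peer_ip):
    """Directions (in/out/fwd) whose replaced SPD entry selects peer_ip."""
    return {p["dir"] for p in summary["policies"]
            if _in_net(peer_ip, p["src"]) or _in_net(peer_ip, p["dst"])}


def missing_directions(summary, peer_ip):
    """Directions with no SPD entry for the peer; empty set means fully covered."""
    return {"in", "out", "fwd"} - peer_directions(summary, peer_ip)


def isakmp_bound_for(summary, local_ip):
    """True if racoon bound UDP/500 on local_ip (the address facing the peer)."""
    return (local_ip, 500) in summary["isakmp"]


def has_natt_4500(summary):
    """True if any socket sits on UDP/4500; racoon opens one only when the
    listen section contains an isakmp_natt line. Without it the exchange
    cannot float to 4500 once a NAT is detected."""
    return any(port == 4500 for _, port in summary["isakmp"] | summary["natt"])


if __name__ == "__main__":
    s = parse_racoon_log(SAMPLE_LOG)
    print("ISAKMP sockets:", sorted(s["isakmp"]))
    print("SPD entries replaced (non-fatal):", len(s["policies"]))
    print("unsupported PF_KEY msgs (info):", s["unsupported"])
    print("peer missing directions:", missing_directions(s, "198.51.100.7") or "none")
    print("UDP/500 on 10.0.0.1:", isakmp_bound_for(s, "10.0.0.1"))
    print("UDP/4500 listener present:", has_natt_4500(s))
```

Run it against `journalctl`/`/var/log/messages` output in place of the constructed sample. The "such policy already exists. anyway replace it" lines say exactly what racoon did (replace an SPD entry it already held), so the script counts them rather than treating them as the fault; the checks that actually bear on "no traffic to the peer" are the three booleans at the end, and a missing 4500 listener on a path that crosses a NAT is the first thing to confirm in racoon.conf.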