Topic: monowall VPN into WatchGuard  (Read 7621 times)
« on: February 15, 2008, 20:37:31 »
c0rp53 *
Posts: 7

Can someone help with an error I'm getting? I am trying to get my monowall to connect to a WatchGuard firewall.

My network info:
I am using PPPoE with an external IP of 216.10.1.2 (changed for privacy, of course)
LAN Interface IP address (under Status:Interfaces) shows 192.168.111.1 (ip of monowall)
Under System-Advanced, I enabled "Allow fragmented IPsec packets"

My settings:
Tunnel
Interface:WAN
Local Subnet: Network 192.168.111.0/24
Remote Subnet: 192.168.200.0/24
Remote Gateway: 63.1.2.3

Phase 1
Neg mode: aggressive
My Identifier:  Domain Name: ld
Encryption DES
Hash SHA1
DH key group 1
Lifetime 2600
Authentication mode: preshared key: mykey

Phase 2
Protocol ESP
Enc Algorithms:  DES and 3DES checked
Hash Algorithms: SHA1
PFS Keygroup: 1

My Log:
Feb 15 19:13:13    racoon: ERROR: unknown notify message, no phase2 handle found.
Feb 15 19:13:12    racoon: INFO: initiate new phase 2 negotiation: 216.10.1.2[0]<=>63.1.2.3[0]

WatchGuard logging info:
Some of the logs the WG reports (as I wrote them down):
Unable to find chanel info
Sending invalid ID info message
Quick mode processing failed
No matching IPSEC policies found


I hope this is enough to get some ideas what to do next.

Thanks
« Reply #1 on: February 15, 2008, 21:55:17 »
ChainSaw
Guest

Have you tried googling: site:m0n0.ch WatchGuard ipsec

CS...
« Reply #2 on: February 15, 2008, 23:45:11 »
c0rp53 *
Posts: 7

I have read through many posts in the forums and on the list about configuring with WatchGuard - but I haven't yet found anything that pertains to my problem.
« Reply #3 on: February 16, 2008, 01:36:03 »
ChainSaw
Guest

Are both your WatchGuard and your m0n0wall border routers? Also, it would be helpful if you list all of your parameters on both ends as well as the possible IPsec choices you have on your WatchGuard.

CS...
« Reply #4 on: February 21, 2008, 20:50:44 »
c0rp53 *
Posts: 7

I got into the Watchguard unit and have some settings...

I went into Branch Office VPN and have a Manual IP Sec config setup
Local network: 192.168.200.0/24
remote network: 192.168.111.0/24
Disposition: secure
tunnel: asdf

Gateway: 216.xxx.xxx.123
Shared Key: <something>
Phase 1: Domain Name=xxx, SHA1, DES
Diff. Hellman Group = 1
Enabled Aggressive checkbox is checked OFF

Tunnel - asdf...  Phase 2; ESP, SHA1, 3DES

The only routing information I could find was when I would click Edit for the IPSec configuration, and that is setup with the settings as noted above.

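The two posts above give the parameters of both tunnel ends, and the WatchGuard log ("No matching IPSEC policies found") says that the phase 2 proposals do not line up. The following checker is an added example (not code from the thread, m0n0wall, or WatchGuard): it models each endpoint's IKEv1 phase 1 and IPsec phase 2 settings, reports the mismatches that prevent a policy match, and separately flags settings that negotiate fine but are weak. The WatchGuard PFS value is not stated in the thread, so `pfs_group=None` (PFS off) on that side is an assumption made for the example; the `Peer`, `Phase1`, `Phase2`, `compare_peers` and `weak_settings` names are the example's own.

```python
# Added example: line up the IKEv1 phase 1 / IPsec phase 2 parameters of both
# tunnel endpoints and report anything that would stop a policy from matching.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Phase1:
    mode: str          # "main" or "aggressive"
    enc: str           # e.g. "DES", "3DES", "AES"
    hash: str          # e.g. "SHA1"
    dh_group: int      # Diffie-Hellman group number


@dataclass(frozen=True)
class Phase2:
    protocol: str                # "ESP" or "AH"
    enc: FrozenSet[str]          # every cipher this end is willing to accept
    hash: str
    pfs_group: Optional[int]     # None means PFS off


@dataclass(frozen=True)
class Peer:
    name: str
    local_subnet: str
    remote_subnet: str
    p1: Phase1
    p2: Phase2


Finding = Tuple[str, str]   # (short code, human-readable detail)

WEAK_ENC = {"DES"}          # 56-bit key; brute-forceable for decades
WEAK_DH = {1, 2}            # 768/1024-bit MODP groups; below current minimums


def compare_peers(a: Peer, b: Peer) -> List[Finding]:
    """Return the mismatches between two ends; an empty list means they agree."""
    out: List[Finding] = []
    # Each end's local subnet must be the other end's remote subnet.
    if a.local_subnet != b.remote_subnet or a.remote_subnet != b.local_subnet:
        out.append(("subnets", f"{a.name} {a.local_subnet}->{a.remote_subnet} vs "
                               f"{b.name} {b.local_subnet}->{b.remote_subnet}"))
    # Phase 1 (ISAKMP SA): every attribute has to be identical.
    for attr in ("mode", "enc", "hash", "dh_group"):
        va, vb = getattr(a.p1, attr), getattr(b.p1, attr)
        if va != vb:
            out.append((f"phase1-{attr}", f"{a.name}={va} {b.name}={vb}"))
    # Phase 2 (IPsec SA): protocol, hash and PFS group must match; the cipher
    # lists only need a common member, which the responder will select.
    if a.p2.protocol != b.p2.protocol:
        out.append(("phase2-protocol", f"{a.p2.protocol} vs {b.p2.protocol}"))
    if not (a.p2.enc & b.p2.enc):
        out.append(("phase2-enc", f"{sorted(a.p2.enc)} vs {sorted(b.p2.enc)}"))
    if a.p2.hash != b.p2.hash:
        out.append(("phase2-hash", f"{a.p2.hash} vs {b.p2.hash}"))
    if a.p2.pfs_group != b.p2.pfs_group:
        out.append(("phase2-pfs", f"{a.name}={a.p2.pfs_group} {b.name}={b.p2.pfs_group}"))
    return out


def weak_settings(p: Peer) -> List[Finding]:
    """Flag settings that negotiate successfully but should not be relied on."""
    out: List[Finding] = []
    if p.p1.enc in WEAK_ENC or (p.p2.enc & WEAK_ENC):
        out.append(("weak-enc", f"{p.name} offers DES; use 3DES at minimum, preferably AES"))
    if p.p1.dh_group in WEAK_DH or p.p2.pfs_group in WEAK_DH:
        out.append(("weak-dh", f"{p.name} uses DH group {p.p1.dh_group}; use group 14 or higher"))
    if p.p1.mode == "aggressive":
        out.append(("aggressive-mode",
                    f"{p.name} uses aggressive mode: with a pre-shared key the identity "
                    "hash is sent unencrypted, exposing the PSK to offline guessing"))
    return out


# Constructed from the two posts above (addresses are the thread's masked ones).
MONOWALL = Peer("m0n0wall", "192.168.111.0/24", "192.168.200.0/24",
                Phase1("aggressive", "DES", "SHA1", 1),
                Phase2("ESP", frozenset({"DES", "3DES"}), "SHA1", 1))
WATCHGUARD = Peer("WatchGuard", "192.168.200.0/24", "192.168.111.0/24",
                  Phase1("main", "DES", "SHA1", 1),          # "Aggressive" box unchecked
                  Phase2("ESP", frozenset({"3DES"}), "SHA1", None))  # PFS off: ASSUMED


if __name__ == "__main__":
    for code, detail in compare_peers(MONOWALL, WATCHGUARD):
        print(f"MISMATCH {code}: {detail}")
    for peer in (MONOWALL, WATCHGUARD):
        for code, detail in weak_settings(peer):
            print(f"WEAK     {code}: {detail}")
```

Run it as-is and the mismatch report shows the two things a reader of this thread would check first: phase 1 mode (aggressive on one side, main on the other) and the phase 2 PFS group. Edit the two `Peer` constants to match a real pair of configuration pages and the same functions tell you whether the proposals can ever intersect before you start reading racoon debug logs.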
« Reply #5 on: February 23, 2008, 22:07:13 »
c0rp53 *
Posts: 7

So, the only setting that seemed to not match up is the aggressive mode option. That didn't make any difference. I still get the typical "unable to find channel info for remote". When searching for that, it seems EVERY post results in no answers. <I'm lost>
« Reply #6 on: February 24, 2008, 00:27:53 »
ChainSaw
Guest

Have you tried setting "PFS Keygroup: off" on your m0n0wall ?

CS...
« Reply #7 on: February 25, 2008, 17:28:27 »
c0rp53 *
Posts: 7

Thanks for the suggestion, I just tried that. It didn't work though...
« Reply #8 on: March 20, 2008, 14:57:38 »
bobby_klein *
Posts: 2

Hello c0rp53, have you solved the situation?

I have the same situation as you, m0n0wall and WatchGuard VPN client.
(Attention: my m0n0 is behind a Zyxel firewall and I NAT the IPsec ports.)

I can successfully connect to the m0n0wall, but there is no traffic.....

Do I have to add some rules for IPsec? I've just activated the "accept client" mode, no tunnel!

Thanks for any help
bobby
« Reply #9 on: February 10, 2011, 03:55:17 »
Luis de Escuderos *
Posts: 20

The Phase I and Phase II you mention sound like IPsec, not PPTP.