- 03-30-2007 #1 Just Joined!
IPSec w/ RHEL4 - Racoon error messages
Can someone tell me what this means? I can't figure out what is going wrong with my IPSec setup. I'm using RHEL4 with a 2.6 kernel and the latest version of IPSec-tools from Sourceforge.
This seems to be saying that my DH group is 2 in racoon and 0 on the remote machine. However I have the DH/PFS group set to 2 everywhere. Possible miscommunication?

Code:
2007-03-29 13:13:53: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
2007-03-29 13:13:53: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
2007-03-29 13:13:53: INFO: ###.###.###.###[500] used as isakmp port (fd=5)
2007-03-29 13:14:12: INFO: respond new phase 1 negotiation: ###.###.###.###[500]<=>###.###.###.###[500]
2007-03-29 13:14:12: INFO: begin Identity Protection mode.
2007-03-29 13:14:13: INFO: ISAKMP-SA established ###.###.###.###[500]-###.###.###.###[500] spi:312c6b7d5df62730:6b4e551576503ae8
2007-03-29 13:14:14: INFO: respond new phase 2 negotiation: ###.###.###.###[0]<=>###.###.###.###[0]
2007-03-29 13:14:14: ERROR: pfs group mismatched: my:2 peer:0
2007-03-29 13:14:14: ERROR: not matched
2007-03-29 13:14:14: ERROR: no suitable policy found.
2007-03-29 13:14:14: ERROR: failed to pre-process packet.
- 03-30-2007 #2 Just Joined!
I figured it out. I wasn't using pfs on the connecting host. I simply erased the 'pfs 2' line out of the config file and it worked. Hopefully this post will help someone in the future.


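Added example (not part of the original posts, and not ipsec-tools code): a small Python scan for the `pfs group mismatched` error in the racoon log format shown in post #1, tying each hit to the preceding phase 2 negotiation line. It assumes, consistent with the fix reported in post #2, that group 0 means that side proposed no PFS group; the sample log, addresses and function names are constructed.

```python
import re

# Constructed sample in the racoon log format from the thread
# (addresses are documentation ranges, not values from the posts).
SAMPLE_LOG = """\
2007-03-29 13:14:14: INFO: respond new phase 2 negotiation: 192.0.2.10[0]<=>198.51.100.7[0]
2007-03-29 13:14:14: ERROR: pfs group mismatched: my:2 peer:0
2007-03-29 13:14:14: ERROR: no suitable policy found.
2007-03-29 13:20:01: INFO: respond new phase 2 negotiation: 192.0.2.10[0]<=>203.0.113.5[0]
2007-03-29 13:20:01: ERROR: pfs group mismatched: my:2 peer:5
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): (.*)$")
PHASE2 = re.compile(r"phase 2 negotiation: (\S+?)\[\d+\]<=>(\S+?)\[\d+\]")
MISMATCH = re.compile(r"pfs group mismatched: my:(\d+) peer:(\d+)")


def diagnose(mine, peer):
    """Explain a my/peer pair; group 0 is read as 'no PFS group proposed'."""
    if peer == 0:
        return "peer proposes no PFS; local side requires group %d" % mine
    if mine == 0:
        return "peer proposes PFS group %d; local side has PFS off" % peer
    return "both sides use PFS but with different groups (%d vs %d)" % (mine, peer)


def find_pfs_mismatches(log_text):
    """Return one finding per mismatch, tied to the preceding phase 2 line."""
    findings, endpoints = [], (None, None)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything that is not a timestamped racoon line
        ts, level, msg = m.groups()
        p2 = PHASE2.search(msg)
        if p2:
            endpoints = p2.groups()  # remember which pair is negotiating
            continue
        mm = MISMATCH.search(msg)
        if level == "ERROR" and mm:
            mine, peer = int(mm.group(1)), int(mm.group(2))
            findings.append({"time": ts, "endpoints": endpoints, "my": mine,
                             "peer": peer, "why": diagnose(mine, peer)})
    return findings


if __name__ == "__main__":
    for f in find_pfs_mismatches(SAMPLE_LOG):
        print(f["time"], "<=>".join(f["endpoints"]), "-", f["why"])
```

When the finding is "peer proposes no PFS", setting the same `pfs_group` on the peer keeps forward secrecy for the phase 2 keys, whereas removing it locally makes the tunnel come up with PFS off.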
