| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] VPNightmare #2
Hello everyone,
Hope somebody can enlightend me on this one...
I have here the following scenario:
Site A: Stonebeat FullCluster 1 build 1073, FW-1 4.1 SP2 STRONG running on 2
solaris 2.6 nodes
Site B: FW-1 4.0 build 4094 (SP5) VPN on Solaris 2.6
VPN between A and B :
Phase 1 is SHA1/DES/preshared, phase 2 MD5/DES-40CP/ESP
ping from host w.x.y.z to host 10.2.0.1 from behind 4.0 to behind 4.1
the keys get negotiated ok - i get phase 1 completion and phase 2 completion
key install msgs for hosts w.x.y.z and 10.2.0.1
the icmp gets encrypted outbound src w.x.y.z dst 10.2.0.1
the icmp gets decrypted inbound src w.x.y.z dst 10.2.0.1
the icmp reply gets encrypted src 10.2.0.1 dst w.x.y.z
the icmp reply get REJECTED src10.2.0.1 dst w.x.y.z info: icmp-type 0
icmp-code 0 encryption failure: Cannot find peer scheme: ISAKMP
hmmmmm....
any ideas??
TIA
Ilya
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
