[FW1] Nokia (Network Alchemy) CC 500 (Crypto Cluster) and FW1 SP2 on NT

I am trying to set up a VPN using a Nokia CC 500 and FW1. I'm using IKE and pre-shared secrets. The tunnel works in one direction, from the network behind the Nokia to the network behind the FW1 machine, but when I attempt to access the network behind the Nokia CC 500 from the network behind the FW1, it fails and I get the following on the CC 500 console (some IPs changed to protect the innocent):

Thu Feb 15 15:16:18 2001 (IPSEC)-ERR: key_find_responder_policy: matching outbound selector not found
Thu Feb 15 15:16:18 2001 (IKE)-ERR: receive: failed to locate QM responder policy

then:

Thu Feb 15 15:16:43 2001 (IKE)-AUDIT: IKE SA deleted for 123.123.123.66 (123.123.123.66)
Thu Feb 15 15:16:43 2001 (IKE)-NOTICE: process_sa: no proposal chosen

Then the tunnel goes down and does not come back up until traffic goes from the network behind the Nokia CC 500 to the network behind the FW1 box.

When it is up, IPSEC looks like this:

IPSec Security Associations:

spi: ffff3c00 <- ffff1d87
  source address: 123.123.123.66
  destination address: 123.123.123.80
  client identity: 10.10/24
  type: esp
  integrity algorithm: md5 (128 bits)
  secrecy algorithm: 3des (192 bits)
  flags: inbound,initiator,tunnel
  lifetime: 60 minutes
  time-to-live: 59 minutes
  traffic: 848 bytes

spi: ffff1d87 -> ffff3c00 (1)
  source address: 123.123.123.80
  destination address: 123.123.123.66
  client identity: 10/24
  type: esp
  integrity algorithm: md5 (128 bits)
  secrecy algorithm: 3des (192 bits)
  flags: outbound,initiator,tunnel
  lifetime: 60 minutes
  time-to-live: 59 minutes
  traffic: 632 bytes

and IKE looks like this:

IKE Security Associations:

sequence: 2b
  state: MM_IDLE
  flags: outbound,valid
  source: 123.123.123.80
  destination: 123.123.123.66
  peer identity: fqdn.domain.com
  oakley group: modp-768
  encryption algorithm: 3des
  hash algorithm: md5
  authentication method: pre-shared key
  associations: 2
  lifetime: 8 hours
  time-to-live: 7 hours

It's also really slow. Anyone out there have any experience with the Nokia CC 500 that they would like to share?

Scott