[FW1] Addendum: VPN FW1->PIX, IKE Phase1 Stage2 Problem
Hello Cedric,

C> We have a problem with setting up a VPN between FW1 (4.1 SP3 on
C> Solaris) and a Cisco PIX firewall.

First of all, thanks to the people who answered me already, most of them request additional info, here it is.

It's an IKE, DES, MD5 VPN. Aggressive mode. We have no control over the PIX's config (and never saw the config).

C> We see such entries in the logs
C> "IKE Log: Sent Notification: no proposal chosen <phase1 stage2>
C> Negotiation Id: 6t3zd51f68z41a5f-cba186ade992a71f"

I'm inclined to believe this is some kind of problem either at the renewal or exchange of crypto keys, because I see a LOT of these log entries each time I upload a new ruleset. After "a while" (10-15 min ?) things seem to settle and this message disappears.

I tried removing aggressive mode, adding 3DES, changing the key timeout to 1 day instead of one week.

I'll be asking for a dump of the PIX config, though I believe the problem is at my end (PIX is supposed to have a timeout at one day too), because the problem appears when I upload the ruleset...

--
Best regards,
Cedric mailto:[email protected]