Hi,
I tried to establish a VPN tunnel between a FW1 4.1 sp3 and a
netscreen version 2.5
So first I read the document of Netscreen "Checkpoint Interoperability"
& checked out phoneboy.
I use IKE with DES/MD5 and pre-shared secrets,
configured a rule to allow IKE flow between the FW1 and the NSCRN,
configured Encrypt rules for all traffic between the sites,
configured the VPN tab in both the FW1 and the NSCRN objects for encryption
in the Encryption Domain,
we support subnets,
made sure the time I saw in the log viewer of the FW1 is exactly the
same time I entered in the console of the netscreen,
and I also changed the IKE key lifetime to 28800 seconds on both the
netscreen and the fw1.
The logging gives me:
green Accept IKE
blue IKE Phase1 Completion DES/MD5 pre-shared secrets
blue IKE Log: sent notification : no proposal chosen <phase2 stage1>
and the VPN fails.
I tried switching the different proposals in the netscreen and selecting
different ones, I also tried to use pfm or nopfm, to no avail.
Changing from aggressive mode to normal mode did not change a thing.
I did find multiple archived messages of people asking the same question,
but never found a response that works for me.
So please, if anyone has a clue, please drop me a line!
Thanks,
Patrick Coomans