Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working together with VPN-1 NG
Actually, PFS can be applied to both Phase 1 and Phase 2 in NG. Don't know for sure about the NetScreen-25... Can't remember :(

-----Original Message-----
From: Jim Parker [mailto:[email protected]]
Sent: Thursday, April 25, 2002 9:56 AM
To: [email protected]
Subject: [FW-1] Urgent: - Trying to get a Netscreen 25 working together with VPN-1 NG

From those logs I'd be looking at the phase1 IKE negotiation - turn off aggressive mode and see how that works. PFS is all a part of Phase2 so don't worry about that yet. Diffie Hellman exchange is Phase2 as well if I recall so that's not the problem.

How are you keying? certificates? pre shared key?

----- Original Message -----
From: "Nico De Ranter" <[email protected]>
To: <[email protected]>
Sent: Thursday, April 25, 2002 12:04 PM
Subject: [FW-1] Urgent: Trying to get a Netscreen 25 working together with VPN-1 NG

> Hi,
>
> I'm trying to set up a VPN between a Netscreen 25 and a Checkpoint
> VPN-1 NG.FP1
> firewall. Unfortunately the Netscreen keeps on refusing the
> connection. In the logs I see something like:
>
> 2002-04-25 11:54:43 system info 00536 IKE <x.x.x.x> Phase 1: Discarded a second initial packet, which arrived within 5 seconds.
> 2002-04-25 11:54:39 system info 00536 IKE <x.x.x.x> Phase 1: Rejected proposals from peer (NO PROPOSAL CHOSEN). Negotiations failed.
> 2002-04-25 11:54:39 system info 00536 IKE <x.x.x.x> Phase 1: Responder starts aggressive mode negotiations.
>
> The Checkpoint firewall tries to initiate the VPN.
>
> Any idea what might cause the "No Proposal chosen"? Both sides are
> set up to use 3DES with either MD5 or SHA1 (tried both).
>
> Nico
>
> ---------------------------------------------------------
> "It has been said that there are only two businesses that
> refer to customers as users: illegal drug trade and
> the computer industry."
> ---------------------------------------------------------
> Nico De Ranter
> Sony Service Center (SDCE/VPE-B)
> Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130
> Brussel (Bruxelles), Belgium, Europe, Earth
> Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> e-mail: [email protected]
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
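The "NO PROPOSAL CHOSEN" question in the thread above, as an added example that is not part of the original messages: in IKEv1 (RFC 2409) a Phase 1 proposal carries the encryption algorithm, hash algorithm, authentication method and Diffie-Hellman group, and the responder accepts an offer only if all four match one of its own entries. The peer settings below are constructed; the thread states only 3DES with MD5 or SHA1, so the group and authentication values are assumptions.

```python
# Added example: IKEv1 Phase 1 proposal matching (attribute set per RFC 2409).
# All configuration values are constructed for illustration; the thread does
# not state either peer's DH group or authentication method.
from typing import NamedTuple, Optional

class Proposal(NamedTuple):
    encryption: str    # e.g. "3des"
    hash_alg: str      # e.g. "sha1" or "md5"
    auth_method: str   # "psk" or "rsa-sig"
    dh_group: int      # Oakley group number

def normalize(p: Proposal) -> Proposal:
    """Case-fold names so '3DES' and '3des' compare equal."""
    return Proposal(p.encryption.lower(), p.hash_alg.lower(),
                    p.auth_method.lower(), p.dh_group)

def mismatches(offer: Proposal, accepted: Proposal) -> list:
    """Names of the attributes on which an offer differs from a policy entry."""
    o, a = normalize(offer), normalize(accepted)
    return [f for f in Proposal._fields if getattr(o, f) != getattr(a, f)]

def choose(offers, policy) -> Optional[Proposal]:
    """Responder logic: first offer matching a policy entry on every attribute."""
    for offer in offers:
        if any(not mismatches(offer, acc) for acc in policy):
            return offer
    return None  # responder answers NO-PROPOSAL-CHOSEN

def explain(offers, policy) -> list:
    """For each offer, the smallest set of attributes that kept it from matching."""
    return [(o, min((mismatches(o, a) for a in policy), key=len)) for o in offers]

# Constructed initiator offers: 3DES with SHA1 or MD5, pre-shared key, group 2.
INITIATOR = [Proposal("3DES", "SHA1", "psk", 2), Proposal("3DES", "MD5", "psk", 2)]
# Constructed responder policy: same cipher and hashes, but group 5.
RESPONDER = [Proposal("3des", "sha1", "psk", 5), Proposal("3des", "md5", "psk", 5)]

if __name__ == "__main__":
    print("chosen:", choose(INITIATOR, RESPONDER))
    for offer, diff in explain(INITIATOR, RESPONDER):
        print(offer, "differs on", diff)
```

With these constructed values the cipher and hash agree on both sides, yet no offer is accepted because the group differs, which is why a full side-by-side comparison of every Phase 1 attribute is worth doing before changing anything else.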