NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG



Actually, PFS can be applied to both Phase 1 and Phase 2 in NG.  Don't know
for sure about the NetScreen-25... Can't remember :(

-----Original Message-----
From: Jim Parker [mailto:[email protected]]
Sent: Thursday, April 25, 2002 9:56 AM
To: [email protected]
Subject: [FW-1] Urgent: - Trying to get a Netscreen 25 working together with
VPN-1 NG


>From those logs I'd be looking at the phase1 IKE negotiation - turn off
agressive mode and see how that works.

PFS is all a part of Phase2 so don't worry about that yet. Diffie Hellman
exchange is Phase2 as well if I recall so thats not the problem.

How are you keying? certificates? pre shared key?



----- Original Message -----
From: "Nico De Ranter" <[email protected]>
To: <[email protected]>
Sent: Thursday, April 25, 2002 12:04 PM
Subject: [FW-1] Urgent: Trying to get a Netscreen 25 working together with
VPN-1 NG


> Hi,
>
> I'm trying to setup a VPN between a Netscreen 25 and a Checkpoint
> VPN-1
NG.FP1
> firewall.  Unfortunately the Netscreen keeps on refusing the
> connection. In the logs I see something like:
>
> 2002-04-25 11:54:43     system  info    00536   IKE <x.x.x.x> Phase 1:
Discarded a second initial packet, which arrived within 5 seconds.
> 2002-04-25 11:54:39     system  info    00536   IKE <x.x.x.x> Phase 1:
Rejected proposals from peer (NO PROPOSAL CHOSEN). Negotiations failed.
> 2002-04-25 11:54:39     system  info    00536   IKE <x.x.x.x> Phase 1:
Responder starts aggressive mode negotiations.
>
> The Checkpoint firewall tries initiates the VPN.
>
> Any idea what might cause the "No Proposal chosen"?  Both sides are
> setup to use 3DES with either MD5 or SHA1 (tried both).
>
> Nico
>
> ---------------------------------------------------------
>  "It has been said that there are only two businesses that
>   refer to customers as users: illegal drug trade and
>                the computer industry."
> ---------------------------------------------------------
> Nico De Ranter
> Sony Service Center (SDCE/VPE-B)
> Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130
> Brussel (Bruxelles), Belgium, Europe, Earth
> Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> e-mail: [email protected]
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.