|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
Thanks for all the replies. It turns out Checkpoint wrote a document on how to get a Netscreen talk to a VPN-1 NG recently (April 9). I found it through the Checkpoint usercenter. I'm not sure what was the problem since I made a number of changes afterall. Anyway it works now :-) Thanks Nico On Thu, Apr 25, 2002 at 11:22:59AM -0700, Russell Washington wrote: > Actually, PFS can be applied to both Phase 1 and Phase 2 in NG. Don't know > for sure about the NetScreen-25... Can't remember :( > > -----Original Message----- > From: Jim Parker [mailto:[email protected]] > Sent: Thursday, April 25, 2002 9:56 AM > To: [email protected] > Subject: [FW-1] Urgent: - Trying to get a Netscreen 25 working together with > VPN-1 NG > > > >From those logs I'd be looking at the phase1 IKE negotiation - turn off > agressive mode and see how that works. > > PFS is all a part of Phase2 so don't worry about that yet. Diffie Hellman > exchange is Phase2 as well if I recall so thats not the problem. > > How are you keying? certificates? pre shared key? > > > > ----- Original Message ----- > From: "Nico De Ranter" <[email protected]> > To: <[email protected]> > Sent: Thursday, April 25, 2002 12:04 PM > Subject: [FW-1] Urgent: Trying to get a Netscreen 25 working together with > VPN-1 NG > > > > Hi, > > > > I'm trying to setup a VPN between a Netscreen 25 and a Checkpoint > > VPN-1 > NG.FP1 > > firewall. Unfortunately the Netscreen keeps on refusing the > > connection. In the logs I see something like: > > > > 2002-04-25 11:54:43 system info 00536 IKE <x.x.x.x> Phase 1: > Discarded a second initial packet, which arrived within 5 seconds. > > 2002-04-25 11:54:39 system info 00536 IKE <x.x.x.x> Phase 1: > Rejected proposals from peer (NO PROPOSAL CHOSEN). Negotiations failed. > > 2002-04-25 11:54:39 system info 00536 IKE <x.x.x.x> Phase 1: > Responder starts aggressive mode negotiations. > > > > The Checkpoint firewall tries initiates the VPN. > > > > Any idea what might cause the "No Proposal chosen"? Both sides are > > setup to use 3DES with either MD5 or SHA1 (tried both). > > > > Nico > > > > --------------------------------------------------------- > > "It has been said that there are only two businesses that > > refer to customers as users: illegal drug trade and > > the computer industry." > > --------------------------------------------------------- > > Nico De Ranter > > Sony Service Center (SDCE/VPE-B) > > Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 > > Brussel (Bruxelles), Belgium, Europe, Earth > > Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 > > e-mail: [email protected] > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= --------------------------------------------------------- "It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry." --------------------------------------------------------- Nico De Ranter Sony Service Center (SDCE/VPE-B) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
