Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG

To: [email protected]
Subject: Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
From: Nico De Ranter <[email protected]>
Date: Fri, 26 Apr 2002 13:49:23 +0200
In-reply-to: <[email protected]>; from [email protected] on Fri, Apr 26, 2002 at 11:56:03AM +0100
References: <[email protected]> <[email protected]> <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Mutt/1.2.5i

Solution ID: sk11100  Creation Date: 04/09/2002  Revised Date: 04/09/2002
Title: How to setup a Check Point VPN-1 NG and Netscreen Gateway to Gateway IKE VPN using Pre-shared Secrets

Nico

On Fri, Apr 26, 2002 at 11:56:03AM +0100, Jim Parker wrote:
> cool what was the ID number of the document?
>
>
>
>
>
> ----- Original Message -----
> From: "Nico De Ranter" <[email protected]>
> To: <[email protected]>
> Sent: Friday, April 26, 2002 7:50 AM
> Subject: Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er
> with VPN-1 NG
>
>
> > Thanks for all the replies. It turns out Checkpoint wrote a document on
> how to
> > get a Netscreen talk to a VPN-1 NG recently (April 9).  I found it through
> > the Checkpoint usercenter.  I'm not sure what was the problem since I made
> > a number of changes afterall.
> >
> > Anyway it works now :-)
> >
> > Thanks
> >
> > Nico
> >
> > On Thu, Apr 25, 2002 at 11:22:59AM -0700, Russell Washington wrote:
> > > Actually, PFS can be applied to both Phase 1 and Phase 2 in NG.  Don't
> know
> > > for sure about the NetScreen-25... Can't remember :(
> > >
> > > -----Original Message-----
> > > From: Jim Parker [mailto:[email protected]]
> > > Sent: Thursday, April 25, 2002 9:56 AM
> > > To: [email protected]
> > > Subject: [FW-1] Urgent: - Trying to get a Netscreen 25 working together
> with
> > > VPN-1 NG
> > >
> > >
> > > >From those logs I'd be looking at the phase1 IKE negotiation - turn off
> > > agressive mode and see how that works.
> > >
> > > PFS is all a part of Phase2 so don't worry about that yet. Diffie
> Hellman
> > > exchange is Phase2 as well if I recall so thats not the problem.
> > >
> > > How are you keying? certificates? pre shared key?
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Nico De Ranter" <[email protected]>
> > > To: <[email protected]>
> > > Sent: Thursday, April 25, 2002 12:04 PM
> > > Subject: [FW-1] Urgent: Trying to get a Netscreen 25 working together
> with
> > > VPN-1 NG
> > >
> > >
> > > > Hi,
> > > >
> > > > I'm trying to setup a VPN between a Netscreen 25 and a Checkpoint
> > > > VPN-1
> > > NG.FP1
> > > > firewall.  Unfortunately the Netscreen keeps on refusing the
> > > > connection. In the logs I see something like:
> > > >
> > > > 2002-04-25 11:54:43     system  info    00536   IKE <x.x.x.x> Phase 1:
> > > Discarded a second initial packet, which arrived within 5 seconds.
> > > > 2002-04-25 11:54:39     system  info    00536   IKE <x.x.x.x> Phase 1:
> > > Rejected proposals from peer (NO PROPOSAL CHOSEN). Negotiations failed.
> > > > 2002-04-25 11:54:39     system  info    00536   IKE <x.x.x.x> Phase 1:
> > > Responder starts aggressive mode negotiations.
> > > >
> > > > The Checkpoint firewall tries initiates the VPN.
> > > >
> > > > Any idea what might cause the "No Proposal chosen"?  Both sides are
> > > > setup to use 3DES with either MD5 or SHA1 (tried both).
> > > >
> > > > Nico
> > > >
> > > > ---------------------------------------------------------
> > > >  "It has been said that there are only two businesses that
> > > >   refer to customers as users: illegal drug trade and
> > > >                the computer industry."
> > > > ---------------------------------------------------------
> > > > Nico De Ranter
> > > > Sony Service Center (SDCE/VPE-B)
> > > > Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130
> > > > Brussel (Bruxelles), Belgium, Europe, Earth
> > > > Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> > > > e-mail: [email protected]
> > > >
> > > > =================================================
> > > > To set vacation, Out Of Office, or away messages,
> > > > send an email to [email protected]
> > > > in the BODY of the email add:
> > > > set fw-1-mailinglist nomail
> > > > =================================================
> > > > To unsubscribe from this mailing list,
> > > > please see the instructions at
> > > > http://www.checkpoint.com/services/mailing.html
> > > > =================================================
> > > > If you have any questions on how to change your
> > > > subscription options, email
> > > > [email protected]
> > > > =================================================
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================
> > ---------------------------------------------------------
> >  "It has been said that there are only two businesses that
> >   refer to customers as users: illegal drug trade and
> >                the computer industry."
> > ---------------------------------------------------------
> > Nico De Ranter
> > Sony Service Center (SDCE/VPE-B)
> > Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
> > 1130 Brussel (Bruxelles), Belgium, Europe, Earth
> > Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> > e-mail: [email protected]
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
  - From: Russell Washington <[email protected]>
- Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
  - From: Nico De Ranter <[email protected]>
- Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
  - From: Jim Parker <[email protected]>

Prev by Date: [FW-1] How to detach CKPFW from StoneBeat Cluster?
Next by Date: Re: [FW-1] upgrade fw1-NG FP1 to FP2
Previous by thread: Re: [FW-1] Urgent: - Trying to get a Netscreen 25 working togeth er with VPN-1 NG
Next by thread: [FW-1] Mail Server / Firewall Problem
Index(es):
- Date
- Thread