I have seen the same thing with on
exception. If the sonic-wall makes the VPN connection. The network behind the
Sonic-Wall can encrypt to the Checkpoint. But the Checkpoint cannot encrypt to
the SonicWall and I get the no proposal Chosen. If I have the Checkpoint make the connection and the Key
Exchange, Both sides encrypt Fine. If the VPN connection times out, and the
sonic-wall is the first to make the key exchange, I get the no proposal Chosen.
A temp solution that my client is doing is
having a ping go across From the network behind the Checkpoint to the Sonicwall
network. If keeps the VPN running.
I tried calling Checkpoints Crappy
support, but as the norm with their support they had no clue. Has anyone else
noticed a fall off in Checkpoint Support? I hate to call, because I get
someone on the other end that has no clue, or is cocky.
-----Original Message-----
From: Mailing list for discussion
of Firewall-1 [mailto:[email protected]] On Behalf Of Huff, Roger
Sent: Friday, June 14, 2002 6:28
PM
To:
[email protected]
Subject: [FW-1] NGFP2 - IKE -
SonicWALL - Win2000 Server
I am new to this list and I am very
glad I found it, hopefully I will be able to contribute in the future.
My question comes from the
standpoint of using IKE with NG FP2 to my remote SonicWALL appliances.
Currently, I am running manual IPSEC
between the SW's and my 4.1 SP5 firewall. Unfortunately, NGFP2 no longer
supports IPSEC so I am working in my test environment to implement IKE. I have
had no luck whatsoever, the documents from SonicWALL appear to be based on a
FP1 product at best and SecureKnowl'ge from Checkpoint has NOTHING that is of
any interest in this regard. Some SonicWALL's are TELE2's, TELE3's, and
SOHO/10's - they all seem to do the same.
It appears that the Phase1 is
working but there is nothing beyond that. I get that wonderful IKE: Main Mode
Sent Notification: no proposal chosen error.
I noticed on this list that there
was some activity re this back in Sept 2001 but I've missed anything really
since then.
Thoughts, guides, helps, etc. would
be appreciated.
Roger
Huff
Sr.
Network Engineer
Paragon Biomedical, Inc.
This email
transmission and any documents, files or previous email messages attached to it
may contain information that is confidential or legally privileged. If you are
not the intended recipient or a person responsible for delivering this
transmission to the intended recipient, you are hereby notified that you must
not read this transmission and that any disclosure, copying, printing,
distribution or use of this transmission is strictly prohibited. If you have
received this transmission in error, please immediately notify the sender by
telephone or return email and delete the original transmission and its
attachments without reading or saving in any manner.