
[FW-1] Problems on configuration between FW-1 NG FP2 and Cisco Concentrator 3000



Hello all,

I'm trying to configure a VPN between a CheckPoint FW-1 NG FP2 and a Cisco
Concentrator 3000. The IKE and IPsec configuration is:

- Perform key exchange: 3DES
- Perform data integrity: MD5
- Diffie-Hellman Group 2 (1024 bits)

Both sites have the same configuration. On the FW-1 side the VPN is
configured as a Community, and all the objects are defined
(the Cisco object (Interoperable Object), the FW-1 object and the internal
ranges under the gws objects).

When I try to establish the communication, the FW-1 shows the following log messages:

"..encryption failure: Packet is dropped as there is no valid SA"
".. encryption failure: no response from peer."
"..encryption failure: Encryption/Decryption Failure"

And the Cisco side shows this other one:

1 12/19/2002 12:15:23.560 SEV=4 IKE/0 RPT=155 ..xxx.xxx
Unable to open CERT context

But I have not set the FW-1 to request a CERT. I don't know why the Cisco shows
a cert problem.
I have put a tcpdump sniffer on the external interface to see what
happened, and I saw that the FW-1 sends the connection request to the
other peer on UDP port 500, but in the trace I didn't see any reply from
the Cisco.

Could anyone tell me anything about it?

        Thanks ...
