[FW-1] 3Com Office Connect Secure Gateway

[Erik Grøtnes <Erik.Grotnes@FW1-NOSPAMTELECA.NO>]

Hi.

I am trying to set up an IPSec tunnel between our FW-1 and a 3Com OfficeConnect Cable/DSL Secure Gateway (3CR856-95), but whatever I do I keep getting the message "invalid id information".

My setup:
I am currently testing the 3Com box on a seperate interface.
FW-1: 172.25.102.254
3Com external: 172.25.102.1
3Com trusted interface: 192.168.4.254
I run FW-1 NG FP3 HF2

I have set up FW1 to accept 3DES and DES and I accept MD5 and SHA-1.
On the 3Com box I have selected 3DES and SHA-1. (I have also tried to select the exact same on FW1).

These are my observations so far:
There is a field "This Gateway's ID" on the 3com box. I have set this to the external interface IP address. With any other settings IKE will fail with the error "IKE:  Phase1 Received Notification from Peer: invalid id information ".

With this setting correct, I get to the next step. First I receive the message "IKE: Main Mode completion.", but then it fails with: "IKE: Quick Mode Received Notification from Peer: invalid id information".

Any ideas what I can do to solve this? I have not been able to figure out what kind of ID we are talking about here, or where I set this ID in my 3Com box.

-Erik-


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================