| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] NG to Cisco router VPN setup.
So something a crypto map wa configured exactly like this on the router
crypto map mymap 10 set pfs group2
Daniel Samaan
Technical Security Consultant
CCSP, CCSE, CCNA, CCA, MCSE+I
Cell:[email protected]
---------------------------------------------------------------------
Forsythe Solutions
5440 W. Fargo Avenue
Skokie, IL 60077
www.forsythesolutions.com
Building cost-effective IT infrastructure that organizations trust.
|---------+-------------------------------------------->
| | @ |
| | Sent by: Mailing list for |
| | discussion of Firewall-1 |
| | <[email protected]|
| | KPOINT.COM> |
| | |
| | |
| | 07/31/2003 11:18 AM |
| | Please respond to Mailing list |
| | for discussion of Firewall-1 |
| | |
|---------+-------------------------------------------->
>----------------------------------------------------------------------------------------------|
| |
| To: [email protected] |
| cc: |
| Subject: [FW-1] NG to Cisco router VPN setup. |
>----------------------------------------------------------------------------------------------|
I've now got it working... looks like a bug between cisco and checkpoint.
On my encrypt rule if I turned on PFS I got a message stating that my
gateway was PFS but the peer wasn't PFS, even though it was switched on on
the cisco at the other end.
Turning off pfs on my encrypt rule got me back to the "no proposal chosen
error". Once we turned off PFS on the cisco the link established
immediately.
We tried using PFS groups 1,2, and 3 on both devices but my NG box still
stated that the Cisco was not PFS, even though it was.
I know it's not ideal, but the link is up.
Going to try and get some sense out of checkpoint and cisco on this one.
watch this space
Any ideas, anyone.
Gary
----- Forwarded by Gary Hodson/GB/GARTMORE on 31/07/2003 17:13 -----
|---------+---------------------------------------->
| | Gary Hodson |
| | Security Services Mgr |
| | Dept: Information Systems |
| | Tel: +44 (0) 20 7782 2048 |
| | Loc: 4 GH |
| | |
| | Sent at: 31/07/2003 12:56 |
| | |
|---------+---------------------------------------->
>------------------------------------------------------------------------------------------------------------------|
|
|
|To: [email protected]
|
|cc:
|
|bcc:
|
|Subject: NG to Cisco router VPN setup.
|
>------------------------------------------------------------------------------------------------------------------|
Can anyone help please.
I'm trying to setup a VPN between my NG (FP3 HF2) firewall and a cisco
router. I'm using traditional mode on my end, and am fairly confident (95%)
that my config is correct. I have a number of other checkpoint to
checkpoint VPNs running from the same box and they work fine.
Anyway, I get the following key exchange messages in my log; IKE: Main Mode
completion.
Which is immediately followed by; IKE: Quick Mode Received Notification
from Peer: no proposal chosen
I think that it's to do with the "ENCRYPT" action properties on my end.
i.e. you don't appear to be able to select ESP, etc under NG whereas you
could under 4.1.
I managed to find a few other posted messages where people have had the
same problem, but what i can't find is if anyone has the solution.
All help is greatly appreciated.
(I'm officially now pulling my hair out with this one.)
Gary
==========================================================================
Visit our website at http://www.gartmore.com
Gartmore Investment Management plc is an appointed representative of
Gartmore Investment Ltd (GIL) which is authorised and regulated by the
Financial Services Authority. GIL represents only the NatWest and Gartmore
Marketing Group for life assurance, Pensions, unit trusts, other regulated
collective investment schemes and investment services.
This message is sent in confidence for the addressee only. The contents
are not to be disclosed to anyone other than the addressee. Unauthorised
recipients must preserve this confidentiality and should please advise the
sender of any error in transmission.
No person should rely on the contents of this e-mail without written
confirmation of its contents. This e-mail and the information it contains
are sent in good faith but Gartmore Investment Management plc and its
holding companies and subsidiaries shall not be under any liability in
damages or otherwise for any reliance the recipient may place upon them.
===========================================================================
To improve email delivery times, and reduce attachment storage
requirements, Gartmore now ZIP most attachments. If you have received a
zipped attachment and do not have an unzip program, you may download a free
unzipper at
http://www.mk-net-work.com/us/uz/unzip.htm
===========================================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.
If you have received this email in error please notify the
originator of the message. This footer also confirms that this
email message has been scanned for the presence of computer viruses.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
