Re: [FW-1] NG to Cisco router VPN setup.
So something a crypto map was configured exactly like this on the router

    crypto map mymap 10
     set pfs group2

Daniel Samaan
Technical Security Consultant
CCSP, CCSE, CCNA, CCA, MCSE+I
Forsythe Solutions
5440 W. Fargo Avenue
Skokie, IL 60077
www.forsythesolutions.com

Sent by: Mailing list for discussion of Firewall-1
07/31/2003 11:18 AM
Please respond to Mailing list for discussion of Firewall-1
To: [email protected]
Subject: [FW-1] NG to Cisco router VPN setup.

I've now got it working... looks like a bug between Cisco and Checkpoint.

On my encrypt rule, if I turned on PFS I got a message stating that my gateway was PFS but the peer wasn't PFS, even though it was switched on on the Cisco at the other end. Turning off PFS on my encrypt rule got me back to the "no proposal chosen error". Once we turned off PFS on the Cisco the link established immediately.

We tried using PFS groups 1, 2, and 3 on both devices but my NG box still stated that the Cisco was not PFS, even though it was.

I know it's not ideal, but the link is up. Going to try and get some sense out of Checkpoint and Cisco on this one. Watch this space.

Any ideas, anyone?
Gary

----- Forwarded by Gary Hodson/GB/GARTMORE on 31/07/2003 17:13 -----

Gary Hodson
Security Services Mgr
Dept: Information Systems
Tel: +44 (0) 20 7782 2048
Loc: 4 GH
Sent at: 31/07/2003 12:56

To: [email protected]
Subject: NG to Cisco router VPN setup.

Can anyone help please?

I'm trying to set up a VPN between my NG (FP3 HF2) firewall and a Cisco router. I'm using traditional mode on my end, and am fairly confident (95%) that my config is correct. I have a number of other Checkpoint to Checkpoint VPNs running from the same box and they work fine.

Anyway, I get the following key exchange messages in my log:

    IKE: Main Mode completion.

Which is immediately followed by:

    IKE: Quick Mode Received Notification from Peer: no proposal chosen

I think that it's to do with the "ENCRYPT" action properties on my end, i.e. you don't appear to be able to select ESP, etc. under NG whereas you could under 4.1.

I managed to find a few other posted messages where people have had the same problem, but what I can't find is if anyone has the solution.

All help is greatly appreciated. (I'm officially now pulling my hair out with this one.)

Gary
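The following is an added example, not part of either poster's message. It reads the two IKE log lines quoted in the thread to place the failure in Quick Mode (Phase 2), extracts the PFS group from the quoted crypto map lines, and lists the Phase 2 settings that differ between the two gateways. The log line layout, peer address, transform values and all function names are assumptions made for the example.

```python
import re

# Constructed inputs: the two IKE messages and the crypto map lines are quoted
# in the thread; timestamps, peer address and transform values are made up.
SAMPLE_LOG = """\
12:55:01 peer=192.0.2.10 IKE: Main Mode completion.
12:55:02 peer=192.0.2.10 IKE: Quick Mode Received Notification from Peer: no proposal chosen
"""
IOS_CONFIG = """\
crypto map mymap 10
 set pfs group2
"""
# Hand-transcribed Phase 2 settings of the FireWall-1 encrypt rule (hypothetical),
# with PFS switched off as in the failing case described in the thread.
FW1_PHASE2 = {"encryption": "3des", "integrity": "sha1", "pfs_group": None}
IOS_TRANSFORM = {"encryption": "3des", "integrity": "sha1"}  # assumed transform set

def failing_phase(log):
    """Map each peer to 'phase1', 'phase2' or 'up' from the order of IKE messages."""
    state = {}
    for line in log.splitlines():
        m = re.search(r"peer=(\S+) IKE: (.+)$", line)
        if m and m.group(2).startswith("Main Mode completion"):
            state[m.group(1)] = "up"      # Phase 1 (ISAKMP SA) established
        elif m and "no proposal chosen" in m.group(2).lower():
            peer, msg = m.groups()
            # Once Main Mode has completed, the rejection concerns Quick Mode.
            done = state.get(peer) == "up" or msg.startswith("Quick Mode")
            state[peer] = "phase2" if done else "phase1"
    return state

def ios_pfs_groups(config):
    """Return {(map_name, seq): group or None} for every crypto map entry."""
    groups, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto map (\S+) (\d+)", line)
        pfs = re.match(r"\s+set pfs(?: group(\d+))?", line)
        if head:
            current = (head.group(1), int(head.group(2)))
            groups[current] = None        # no PFS unless a 'set pfs' line follows
        elif pfs and current:
            groups[current] = int(pfs.group(1) or 1)  # bare 'set pfs' means group1
    return groups

def phase2_differences(local, remote):
    """List (setting, local, remote) for every Phase 2 value that differs."""
    keys = ("encryption", "integrity", "pfs_group")
    return [(k, local.get(k), remote.get(k)) for k in keys if local.get(k) != remote.get(k)]
```

Calling `phase2_differences(FW1_PHASE2, dict(IOS_TRANSFORM, pfs_group=ios_pfs_groups(IOS_CONFIG)[("mymap", 10)]))` gives the settings to review on both ends; a difference is a lead to check, not proof of the cause.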