| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] NG to Cisco router VPN setup.
- To: [email protected]
- Subject: Re: [FW-1] NG to Cisco router VPN setup.
- From: "Burton, Chris" <[email protected]>
- Date: Thu, 31 Jul 2003 10:07:33 -0700
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcNXX4tVpr27gZDRQ2SNGcCoUA6dMQAJl02A
- Thread-topic: [FW-1] NG to Cisco router VPN setup.
You should check to see if the "lifetime XXXX" command under the
crypto configuration on the Cisco device is the same as your Phase 1
lifetime on your NG FP3 firewall, if both do not match then the tunnel
will have intermittent problems or will not come up at all.
Chris C. Burton
Network Engineer
Walt Disney Internet Group: Network Services
-----Original Message-----
From: <Gary Hodson> [mailto:[email protected]]
Sent: Thursday, July 31, 2003 4:56 AM
To: [email protected]
Subject: [FW-1] NG to Cisco router VPN setup.
Can anyone help please.
I'm trying to setup a VPN between my NG (FP3 HF2) firewall and a cisco
router. I'm using traditional mode on my end, and am fairly confident
(95%)
that my config is correct. I have a number of other checkpoint to
checkpoint VPNs running from the same box and they work fine.
Anyway, I get the following key exchange messages in my log; IKE: Main
Mode
completion.
Which is immediately followed by; IKE: Quick Mode Received Notification
from Peer: no proposal chosen
I think that it's to do with the "ENCRYPT" action properties on my end.
i.e. you don't appear to be able to select ESP, etc under NG whereas you
could under 4.1.
I managed to find a few other posted messages where people have had the
same problem, but what i can't find is if anyone has the solution.
All help is greatly appreciated.
(I'm officially now pulling my hair out with this one.)
Gary
========================================================================
==
Visit our website at http://www.gartmore.com
Gartmore Investment Management plc is an appointed representative of
Gartmore Investment Ltd (GIL) which is authorised and regulated by the
Financial Services Authority. GIL represents only the NatWest and
Gartmore Marketing Group for life assurance, Pensions, unit trusts,
other regulated collective investment schemes and investment services.
This message is sent in confidence for the addressee only. The contents
are not to be disclosed to anyone other than the addressee.
Unauthorised recipients must preserve this confidentiality and should
please advise the sender of any error in transmission.
No person should rely on the contents of this e-mail without written
confirmation of its contents. This e-mail and the information it
contains are sent in good faith but Gartmore Investment Management plc
and its holding companies and subsidiaries shall not be under any
liability in damages or otherwise for any reliance the recipient may
place upon them.
========================================================================
===
To improve email delivery times, and reduce attachment storage
requirements, Gartmore now ZIP most attachments. If you have received a
zipped attachment and do not have an unzip program, you may download a
free unzipper at
http://www.mk-net-work.com/us/uz/unzip.htm
========================================================================
===
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
