|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG to Cisco router VPN setup.
sounds like phase I went ok and you need to look at phase II. "no proposal chosen" usually means that the 2 sides do not agree on the encryption scheme. for instance, one side might be trying to do esp-3des-md5 and the other esp-3des-sha. hope this helps ----- Original Message ----- From: "Burton, Chris" <[email protected]> To: <[email protected]> Sent: Thursday, July 31, 2003 1:07 PM Subject: Re: [FW-1] NG to Cisco router VPN setup. > You should check to see if the "lifetime XXXX" command under the > crypto configuration on the Cisco device is the same as your Phase 1 > lifetime on your NG FP3 firewall, if both do not match then the tunnel > will have intermittent problems or will not come up at all. > > Chris C. Burton > Network Engineer > Walt Disney Internet Group: Network Services > > > > -----Original Message----- > From: <Gary Hodson> [mailto:[email protected]] > Sent: Thursday, July 31, 2003 4:56 AM > To: [email protected] > Subject: [FW-1] NG to Cisco router VPN setup. > > Can anyone help please. > > I'm trying to setup a VPN between my NG (FP3 HF2) firewall and a cisco > router. I'm using traditional mode on my end, and am fairly confident > (95%) > that my config is correct. I have a number of other checkpoint to > checkpoint VPNs running from the same box and they work fine. > > Anyway, I get the following key exchange messages in my log; IKE: Main > Mode > completion. > Which is immediately followed by; IKE: Quick Mode Received Notification > from Peer: no proposal chosen > > I think that it's to do with the "ENCRYPT" action properties on my end. > i.e. you don't appear to be able to select ESP, etc under NG whereas you > could under 4.1. > > I managed to find a few other posted messages where people have had the > same problem, but what i can't find is if anyone has the solution. > > All help is greatly appreciated. > (I'm officially now pulling my hair out with this one.) > > Gary > > > > > > > > > > ======================================================================== > == > > Visit our website at http://www.gartmore.com > > Gartmore Investment Management plc is an appointed representative of > Gartmore Investment Ltd (GIL) which is authorised and regulated by the > Financial Services Authority. GIL represents only the NatWest and > Gartmore Marketing Group for life assurance, Pensions, unit trusts, > other regulated collective investment schemes and investment services. > > This message is sent in confidence for the addressee only. The contents > are not to be disclosed to anyone other than the addressee. > Unauthorised recipients must preserve this confidentiality and should > please advise the sender of any error in transmission. > > No person should rely on the contents of this e-mail without written > confirmation of its contents. This e-mail and the information it > contains are sent in good faith but Gartmore Investment Management plc > and its holding companies and subsidiaries shall not be under any > liability in damages or otherwise for any reliance the recipient may > place upon them. > > ======================================================================== > === > > To improve email delivery times, and reduce attachment storage > requirements, Gartmore now ZIP most attachments. If you have received a > zipped attachment and do not have an unzip program, you may download a > free unzipper at > > http://www.mk-net-work.com/us/uz/unzip.htm > > ======================================================================== > === > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
