|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Fw: [FW-1] NG to Cisco router VPN setup.
oops. i think those options are part of phase I. check them to make sure, but look at all of it to make sure -- the ipsec proposals, the ike proposals, the values chosen, etc. ----- Original Message ----- From: "Bill" <[email protected]> To: "Mailing list for discussion of Firewall-1" <[email protected]> Sent: Thursday, July 31, 2003 10:32 PM Subject: Re: [FW-1] NG to Cisco router VPN setup. > sounds like phase I went ok and you need to look at phase II. "no proposal > chosen" usually means that the 2 sides do not agree on the encryption > scheme. for instance, one side might be trying to do esp-3des-md5 and the > other esp-3des-sha. > > hope this helps > ----- Original Message ----- > From: "Burton, Chris" <[email protected]> > To: <[email protected]> > Sent: Thursday, July 31, 2003 1:07 PM > Subject: Re: [FW-1] NG to Cisco router VPN setup. > > > > You should check to see if the "lifetime XXXX" command under the > > crypto configuration on the Cisco device is the same as your Phase 1 > > lifetime on your NG FP3 firewall, if both do not match then the tunnel > > will have intermittent problems or will not come up at all. > > > > Chris C. Burton > > Network Engineer > > Walt Disney Internet Group: Network Services > > > > > > > > -----Original Message----- > > From: <Gary Hodson> [mailto:[email protected]] > > Sent: Thursday, July 31, 2003 4:56 AM > > To: [email protected] > > Subject: [FW-1] NG to Cisco router VPN setup. > > > > Can anyone help please. > > > > I'm trying to setup a VPN between my NG (FP3 HF2) firewall and a cisco > > router. I'm using traditional mode on my end, and am fairly confident > > (95%) > > that my config is correct. I have a number of other checkpoint to > > checkpoint VPNs running from the same box and they work fine. > > > > Anyway, I get the following key exchange messages in my log; IKE: Main > > Mode > > completion. > > Which is immediately followed by; IKE: Quick Mode Received Notification > > from Peer: no proposal chosen > > > > I think that it's to do with the "ENCRYPT" action properties on my end. > > i.e. you don't appear to be able to select ESP, etc under NG whereas you > > could under 4.1. > > > > I managed to find a few other posted messages where people have had the > > same problem, but what i can't find is if anyone has the solution. > > > > All help is greatly appreciated. > > (I'm officially now pulling my hair out with this one.) > > > > Gary > > > > > > > > > > > > > > > > > > > > ======================================================================== > > == > > > > Visit our website at http://www.gartmore.com > > > > Gartmore Investment Management plc is an appointed representative of > > Gartmore Investment Ltd (GIL) which is authorised and regulated by the > > Financial Services Authority. GIL represents only the NatWest and > > Gartmore Marketing Group for life assurance, Pensions, unit trusts, > > other regulated collective investment schemes and investment services. > > > > This message is sent in confidence for the addressee only. The contents > > are not to be disclosed to anyone other than the addressee. > > Unauthorised recipients must preserve this confidentiality and should > > please advise the sender of any error in transmission. > > > > No person should rely on the contents of this e-mail without written > > confirmation of its contents. This e-mail and the information it > > contains are sent in good faith but Gartmore Investment Management plc > > and its holding companies and subsidiaries shall not be under any > > liability in damages or otherwise for any reliance the recipient may > > place upon them. > > > > ======================================================================== > > === > > > > To improve email delivery times, and reduce attachment storage > > requirements, Gartmore now ZIP most attachments. If you have received a > > zipped attachment and do not have an unzip program, you may download a > > free unzipper at > > > > http://www.mk-net-work.com/us/uz/unzip.htm > > > > ======================================================================== > > === > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
