[FW-1] PFS settings on NG-FP3-HF2 <-> v41-SP6 VPN Tunnel
I have an NG-FP1 combined Management Server / Enforcement Module that manages several v41-SP6 Enforcement Modules at remote office locations. One of these remote offices has a need to establish a VPN tunnel with a partner organization that has an NG-FP3-HF2 combined Management Server / Enforcement Module.

There already exist working VPN Tunnels between the NG-FP1 <-> NG-FP3-HF2 machines, and between the NG-FP1 <-> v41-SP6 machines.

When we tried establishing a VPN Tunnel between our partner's NG-FP3-HF2 machine and our v41-SP6 machine, we failed to do so. Tunnel properties were ESP + AES-256 + MD5 + PFS (DH 2) and definitely were matching on either end of the Tunnel. The error message received was:

"encrypted failure: decrypted methods didn't match rule;"

Altering the "PFS (DH 2)" setting to "PFS (DH 1)" had no effect on our problem - the failure continued with the same (above) error message. Finally, the Tunnel came up and worked fine once PFS was turned off entirely.

Does anyone have any ideas as to what was going on here? Can a NG-FP3-HF2 <-> v41-SP6 VPN Tunnel be successfully established with PFS turned on?