
[FW1] Running IKE between FW-1 and PIX




Hi,

I have a Cisco PIX running version 5.0(3) and a Firewall-1 4.1 running on NT
4.0. I have problems running IPSec using IKE with pre-shared keys between
them. If the PIX initiates the connection, everything works fine, but if the
FW-1 is the initiator, the connection fails during phase one negotiation.
The FW-1 log shows the entry:

IKE Log:Sent Notification: No proposal chosen <phase 1, stage 2> Negotiation
ID: < a hex number >.

The only reason I can think of as to why the initiator should be significant
is the difference of configured key lifetimes, but an exhaustive line of
tests has shown that the PIX will always successfully set up a connection
regardless of whether the key lifetimes are smaller, greater or equal to the
configured lifetimes on the FW-1. The FW-1 on the other hand always fails.

Unfortunately, I cannot rely on the PIX always setting up the connection,
so any help is much appreciated.

Regards

Anders C Christensen
Software Engineer

Thrane & Thrane
Tobaksvejen 23, DK-2860 Soeborg, Denmark
Direct: +45 39 55 88 89
Reception:      +45 39 55 88 00
Fax:    +45 39 55 88 88
E-mail:         Mailto:acc@tt.dk
Internet:       http://www.tt.dk/



