
[FW-1] NG: IPSEC: no integrity option in rule IKE properties



hello -

I'm trying to set up a site-to-site VPN between a Cisco router and
Check Point NG (FP2). However, connections fail during IKE phase 2 (phase
1 completes successfully). The log message I receive is:

IKE: Main Mode completion
IKE: Quick Mode Received Notification from Peer: no proposal chosen

When I edit the encryption action properties on the encryption rule, I
am not presented with the data integrity options (AH or ESP) as
documented. Instead, I am only given the options for encryption
algorithm, data integrity (hash), compression method, and allowed peer
gateway. Also, I am given options for perfect forward secrecy usage and
IP NAT pooling.

My problem with phase 2 may lie elsewhere, but I am unable to confirm
that my settings on the Check Point box match my settings on the Cisco
box for this. Has anyone else run into this situation, with Cisco or any
other 3rd-party VPN product?

::ja
