Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Check Point and FreeSwan

From: Marco Santini (m.santini_at_infogroup.it)
Date: Wed Jun 26 2002 - 12:55:16 CEST

Next message: Linas Vepstas: "Re: [Users] NAT except for 2 addresses"
Previous message: Wouter de Bie: "[Users] FreeSwan 1.97 and SonicWall Pro-300 succes!!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

BlankHi,
after many successful connections between different IPSec implementation
with my FreeSwan gateway, now I have to connect it to CheckPoint FW1 4.1 on
Solaris.
There is a subnet behind both gateways.
Apparently, the two phases are well accomplished and the IKE SA - IPSec SA
are established.
Trying to ping from one side to the other, packets are dropped from the CP
firewall with the message:

"the peer is using the wrong authentication scheme"

I read on the list archive that FW1 accepts the first proposal sent by the
peer, but if this proposal doesn't match its configuration it will reject
any packet encrypted.
Anyone can confirm this explanation?
If so, what is the first proposal sent by FreeSwan?
Thanks to everyone.

Marco Santini
m.santini_at_infogroup.it

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Linas Vepstas: "Re: [Users] NAT except for 2 addresses"
Previous message: Wouter de Bie: "[Users] FreeSwan 1.97 and SonicWall Pro-300 succes!!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST