Just a sec... With IPcop 1.2 you can establish an IPsec connection from behind an IPcop box. So if your Netscreen is supposed to be behind the IPcop box, just go to VPN, and check off the IPsec Pass-thru check box.
If IPcop needs to connect through a NAT at the remote end to see the Netscreen, then the issue isn't with IPcop, but rather it's with the firewall at the remote end. Perhaps it'll work if the Netscreen tries to establish the connection rather than having IPcop establish it. Kev. ----- Original Message ----- From: "Wendell Nichols" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, March 09, 2003 8:37 AM Subject: Re: (clug-talk) Fw: [IPCop-user] IPCop v1.2.0 fixes2 release > I finally got the bottom of this. The netscreen is behind a NATed > firewall! IPCOP does not, at this time, support NAT traversal. When I > does I'll try again! > wcn > > Kevin Anderson wrote: > > >I've never seen this error. Some Gooling would suggest that this is a > >common error if you're using Certificates rather than PSKs (I'm using PSKs > >for now). Generally, the certificates are accidently reversed (right should > >be left, and vice-versa). > > > >This IS over my head (I've never used the netscreen yet), but I will say > >that you need to be running at least version Netscreen 2.0 in order for it > >to interoperate with Freeswan. > > > >Kev. > > > > > >----- Original Message ----- > >From: "Wendell Nichols" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Friday, March 07, 2003 11:47 AM > >Subject: Re: (clug-talk) Fw: [IPCop-user] IPCop v1.2.0 fixes2 release > > > > > > > > > >>Phase 1 negotian errors. I get: > >>"basingstoke" #2: max number of retransmissions (2) reached > >>STATE_MAIN_I1. No acceptable response to our first IKE message > >> > >>It retries till it exausts the limit and stops. > >> > >>I would be VERY interested in any info you can provide. > >>wcn > >> > >> > >>Kevin Anderson wrote: > >> > >> > >> > >>>I'll have a netscreen in about 6 weeks that I'll try to connect up to a > >>>IPcop box. > >>> > >>>What kind of errors are you getting? > >>> > >>>Kev. > >>> > >>> > >>> > >>>----- Original Message ----- > >>>From: "Wendell Nichols" <[EMAIL PROTECTED]> > >>>To: <[EMAIL PROTECTED]> > >>>Sent: Thursday, March 06, 2003 10:44 AM > >>>Subject: Re: (clug-talk) Fw: [IPCop-user] IPCop v1.2.0 fixes2 release > >>> > >>> > >>> > >>> > >>> > >>> > >>>>I am running IPCop and am relatively happy. I have problems connecting > >>>>to a netscreen vpn router though :-( > >>>> > >>>>Anyone got any experience with this? > >>>>wcn > >>>> > >>>>Kevin Anderson wrote: > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>>And again... > >>>>> > >>>>>fixes 1 had an error which prevented IDS from starting. > >>>>> > >>>>>Are these forwardings of any value to anyone? Who all is running > >>>>> > >>>>> > >IPcop? > > > > > >>>>>Kev. > >>>>> > >>>>> > >>>>>----- Original Message ----- > >>>>>From: "Mark Wormgoor" <[EMAIL PROTECTED]> > >>>>>To: <[EMAIL PROTECTED]>; > >>>>><[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > >>>>>Sent: Wednesday, March 05, 2003 12:13 PM > >>>>>Subject: [IPCop-user] IPCop v1.2.0 fixes2 release > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>Hello, > >>>>>> > >>>>>>The fixes1 release unfortunately had 2 minor bugs. You will find the > >>>>>>fixes2 update for IPCop v1.2.0 on the website. > >>>>>> > >>>>>>Size: 67467 (65KB) > >>>>>>MD5: 15900e79312578661c18420f249b1ca0 > >>>>>>Fixes: - New Snort ruleset and configuration file for Snort 1.9.1 > >>>>>>- Proxylog.dat now executable again (prevents error 500) > >>>>>> > >>>>>>No other functionality is included in this patch. > >>>>>> > >>>>>>Kind regards, > >>>>>> > >>>>>>Mark Wormgoor > >>>>>>-- > >>>>>>*************************************************************** > >>>>>>* |\ /| | /| / Mark Wormgoor * > >>>>>>* | \ / | | / | / mailto:[EMAIL PROTECTED] * > >>>>>>* | \/ |ark |/ |/ormgoor http://www.wormgoor.com/mark/ * > >>>>>>*************************************************************** > >>>>>> > >>>>>> > >>>>>> > >>>>>>------------------------------------------------------- > >>>>>>This SF.net email is sponsored by: Etnus, makers of TotalView, The > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>debugger > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>for complex code. Debugging C/C++ programs can leave you feeling lost > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>and > >>> > >>> > >>> > >>> > >>>>>>disoriented. TotalView can help you find your way. Available on major > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>UNIX > >>> > >>> > >>> > >>> > >>>>>>and Linux platforms. Try it free. www.etnus.com > >>>>>>_______________________________________________ > >>>>>>IPCop-user mailing list > >>>>>>[EMAIL PROTECTED] > >>>>>>https://lists.sourceforge.net/lists/listinfo/ipcop-user > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>> > >>> > >>> > >>> > >> > >> > >> > >> > >> > > > > > > > > > > > > >
