Here are the errors on the Checkpoint log... on IKE Phase 2 coming from remote PIX 506 configured with DES-MD5:

---------------------------------------------------------------------------
Number: 438038
Date: 13Oct2004
Time: 15:02:50
Product: VPN-1 & FireWall-1
Interface: daemon
Origin: My checkpoint Gateway
Type: Log
Action: Key Install
Source: Remote PIX 506
Destination: My Checkpoint Gateway
Encryption Scheme: IKE
VPN Peer Gateway: Remote PIX 506
IKE Phase2 Message ID: 819efb4a
Community: WTH-EXTRA-DESonly
Information: IKE: Quick Mode Received Notification from Peer: invalid spi
---------------------------------------------------------------------------
Number: 474424
Date: 13Oct2004
Time: 15:48:38
Product: VPN-1 & FireWall-1
Interface: daemon
Origin: My Checkpoint Gateway
Type: Log
Action: Key Install
Source: Remote PIX 506
Destination: My Checkpoint gateway
Encryption Scheme: IKE
VPN Peer Gateway: Remote Pix 506
IKE Phase2 Message ID: 456e4e3f
Community: WTH-EXTRA-DESonly
Information: IKE: Quick Mode Received Notification from Peer: no proposal chosen
---------------------------------------------------------------------------

This is the PIX506 config pertinent to the site-to-site VPN:

---------------------------------------------------------------------------
PIX Version 6.3(1)
access-list 120 permit ip host (myfirewall) host (internal host behind PIX506)
access-group 120 in interface outside
crypto ipsec transform-set rtptac esp-des esp-md5-hmac
crypto map rtprules 20 ipsec-isakmp
crypto map rtprules 20 match address 120
crypto map rtprules 20 set peer (myfirewall)
crypto map rtprules 20 set transform-set rtptac
crypto map rtprules interface outside
isakmp enable outside
isakmp key (sharedkey) address (myfirewall) netmask 255.255.255.255
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
---------------------------------------------------------------------------

-----Original Message-----
From: Previtera, Sal
Sent: Wednesday, October 13, 2004 2:32 PM
To: Mailing list for discussion of Firewall-1
Subject: Checkpoint NG R55 and PIX 506 des only.....

Hello,

Has anyone been able to set up a site-to-site VPN with a Cisco PIX 506 with DES-MD5 only, with a shared key? I have other PIX 501s already set up with 3DES-MD5, Pre-share, and they are working fine. But I seem to be unable to get this one running. Any suggestions?

Regards,
Sal.
