Hello Cedric,

C>      We have a problem with setting up a VPN between FW1 (4.1 SP3 on
C>      Solaris) and a Cisco PIX firewall.

First of all, thanks to the people who answered me already, most of
them request additional info, here it is.
It's an IKE, DES, MD5 VPN. Aggressive mode.
We have no control over the PIX's config (and never saw the config).

C>      We see such entries in the logs
C>      "IKE Log: Sent Notification: no proposal chosen <phase1 stage2>
C>       Negotiation Id: 6t3zd51f68z41a5f-cba186ade992a71f"

I'm inclined to believe this is some kind of problem either at the
renewal or exchange of crypto keys, because I see a LOT of these log
entries each time I upload a new ruleset.
After "a while" (10-15 min ?) things seem to settle and this message
disappears.

I tried removing aggressive mode, adding 3DES, changing the key
timeout to 1 day instead of one week.

I'll be asking for a dump of the PIX config, though I believe the problem
is at my end (PIX is supposed to have a timeout at one day too),
because the problem appears when I upload the ruleset...

-- 
Best regards,
 Cedric                            mailto:[EMAIL PROTECTED]



