On 26.07.2007 at 19:09, Mitja Muženič wrote:

Coincidentally I have exactly the same symptoms connecting 4.1-stable (using isakmpd.conf and AES SHA1) to an unknown remote Firebox VPN gateway running "firebox software 8.3" (very sketchy information because I had to pry it out of the IT people at the remote end).

Rekeying occasionally fails, Phase 2 is down but Phase 1 SA remains active. The Firebox side does not reply to my Phase 2 proposals until I manually kill the Phase 1 SA on my end and reestablish everything.

I'm inclined to assume the problem lies at Firebox's end. But I have no access to Watchguard's support pages to see if it is a known problem.

Mitja



Hi!

The problem with the WatchGuard Firewalls is that they are pretty strict. They are really great.
So your end is running Fireware 8.3. On my end it is the old software version 7.3 which can only do 3DES.
I think I will have to try to use isakmpd as well and see how this works.

You should also supply the DH Groups for both phases.
As far as I know the WatchGuard Firewalls only support DH1 and DH2 so do not forget to set this in your isakmpd.conf file.

James
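
A check for the advice in the reply above, added here as an example and not written by either poster: it reads an isakmpd.conf and reports every Phase 1 transform or Phase 2 suite that names no DH group, or names one outside the set the peer is said to support. The sample configuration is constructed (address, secret and section names are placeholders), the proposal names follow the naming pattern in isakmpd.conf(5), and the default peer set of groups 1 and 2 is taken from the reply's "as far as I know".

```python
import configparser
import re

# Constructed sample isakmpd.conf: address, secret and section names are placeholders.
SAMPLE_CONF = """\
[Phase 1]
192.0.2.1= peer-firebox
[Phase 2]
Connections= conn-firebox
[peer-firebox]
Phase= 1
Address= 192.0.2.1
Configuration= mm-firebox
Authentication= placeholder-secret
[conn-firebox]
Phase= 2
ISAKMP-peer= peer-firebox
Configuration= qm-firebox
[mm-firebox]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA-GRP2
[qm-firebox]
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
"""

GROUP = re.compile(r"-GRP(\d+)")
# Which key holds the proposal names for each exchange type, and its IKE phase.
PROPOSALS = {"ID_PROT": (1, "Transforms"), "AGGRESSIVE": (1, "Transforms"),
             "QUICK_MODE": (2, "Suites")}

def audit_dh(conf_text, peer_groups=(1, 2)):
    """Return (phase, proposal, problem) for proposals lacking a usable DH group."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(conf_text)
    findings = []
    for sec in cp.sections():
        phase, key = PROPOSALS.get(cp[sec].get("EXCHANGE_TYPE", ""), (0, ""))
        for name in filter(None, (n.strip() for n in cp[sec].get(key, "").split(","))):
            m = GROUP.search(name)
            if m is None:
                findings.append((phase, name, "no explicit DH group"))
            elif int(m.group(1)) not in peer_groups:
                findings.append((phase, name, "DH group not in peer's set"))
    return findings

if __name__ == "__main__":
    for finding in audit_dh(SAMPLE_CONF):
        print(finding)
```

In the sample, Phase 1 pins GRP2 but the Phase 2 suite names no group, so only Phase 2 is reported; a suite such as `QM-ESP-3DES-SHA-PFS-GRP2-SUITE` clears it.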
