VPN connection fails.
Kirtikumar Satam
kgsatam at INFOSEC.FEDEX.COM
Sun Aug 13 23:11:57 EDT 2000
I was able to get IKE VPN between CISCO 12.0(7)T (in fact some other
variants too) and checkpoint 2000 (aka 4.1) without much problem. I have not
noticed MTU problem like the one mentioned in other post. But then, I did
not specifically tried that.
On the other hand, we had bunch of problems with Netscreen and Checkpoint.
Luckily, Netscreen came thru' with many patched to their BIOS and after a
few ones, we do have a stable VPN between the two, except netscreen does not
seem to handle tunnels to multiple subnet at a time.
In short, apart of upgrading the IOS as mentioned, make sure that you have
latest BIOS for Netscreen.
Kirtikumar Satam
Technical Advisor/Information Security R&D
IT Engineering
FedEx Corp
-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of Gowri
Shankar Bhogisetty
Sent: Wednesday, August 09, 2000 11:55 AM
To: VPN at SECURITYFOCUS.COM
Subject: VPN connection fails.
Hi ,
We are established VPN connectivity between 2611 cisco router and
Netscreen VPN .
What is happening the When the SA expires at 3600 seconds, the IOS fails
to
negotiate a new security association and we will be getting the error
2d03h: IPSEC(epa_des_crypt): decrypted packet failed SA identity check.
We were using Cisoc IOS c2600-js56i-mz.120-5.XK1 with 45MB RAM .
Can you please help me ,it willbe a great help.
Thanks and regards
Gowri Shankar
--
*************************************************************
B.GOWRI SHANKAR
NETWORK ANALYST
IT MANAGEMENT GROUP
WIPRO TECHNOLOGIES
72,ELECTRONICS CITY ,HOSUR MAIN ROAD,
BANGALORE - 521 229,INDIA
TEL: 91-80-8522280
EMAIL:gowrishankar.setty at wipro.com
www.wipro.com
The World's First SEI CMM level 5 Software Services Company
*************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20000813/cc87b463/attachment.htm
More information about the VPN
mailing list