VPN connection fails.

Kirtikumar Satam kgsatam at INFOSEC.FEDEX.COM
Sun Aug 13 23:11:57 EDT 2000


I was able to get IKE VPN between CISCO 12.0(7)T (in fact some other
variants too) and checkpoint 2000 (aka 4.1) without much problem. I have not
noticed MTU problem like the one mentioned in other post. But then, I did
not specifically tried that.
On the other hand, we had bunch of problems with Netscreen and Checkpoint.
Luckily, Netscreen came thru' with many patched to their BIOS and after a
few ones, we do have a stable VPN between the two, except netscreen does not
seem to handle tunnels to multiple subnet at a time.

In short, apart of upgrading the IOS as mentioned, make sure that you have
latest BIOS for Netscreen.

Kirtikumar Satam
Technical Advisor/Information Security R&D
IT Engineering
FedEx Corp

  -----Original Message-----
  From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of Gowri
Shankar Bhogisetty
  Sent: Wednesday, August 09, 2000 11:55 AM
  To: VPN at SECURITYFOCUS.COM
  Subject: VPN connection fails.


  Hi ,
  We are established VPN connectivity between 2611 cisco router and
Netscreen VPN .

  What is happening the When the SA expires at 3600 seconds, the IOS fails
to
   negotiate a new security association and we will be getting the error
2d03h: IPSEC(epa_des_crypt): decrypted packet failed SA identity check.

  We were using Cisoc IOS c2600-js56i-mz.120-5.XK1 with 45MB RAM .

  Can you please help me ,it willbe a great help.

  Thanks and regards

  Gowri Shankar

  --
  *************************************************************
  B.GOWRI SHANKAR
  NETWORK ANALYST
  IT MANAGEMENT GROUP
  WIPRO TECHNOLOGIES
  72,ELECTRONICS CITY ,HOSUR MAIN ROAD,
  BANGALORE - 521 229,INDIA
  TEL: 91-80-8522280
  EMAIL:gowrishankar.setty at wipro.com
  www.wipro.com
  The World's First SEI CMM level 5 Software Services Company
  *************************************************************


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20000813/cc87b463/attachment.htm 


More information about the VPN mailing list