[VPN] netscreen and ckpt ng
Volker Tanger
volker.tanger at discon.de
Thu Oct 10 10:31:22 EDT 2002
Greetings!
Watson, Travis wrote:
>
> Basically I can't get past phase 1. The consistent error message on
> checkpoint is "no subnet support in ike negotiations." I've tried
> every encryption setting possible--pfs, no pfs, aggressive, main,
> compression, no compression, etc.
>
> What in *the hell* could I be missing? It has to be obvious, but
> I've been starting at this thing for hours and can't figure it out.
On the CheckPoint you enabled "Support key axchange for subnets" for
both, the CKP and NetScreen object? That setting is a bit hidden when
editing the object: VPN / IKE -> Edit / Advanced / low left corner
The setting used to be on the IKE -> Edit properties page in the V.41
client. Yepp, took myself a bit searching some time ago, too.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon +49 30 6104-3307
fax +49 30 6104-3461
volker.tanger at discon.de
http://www.discon.de/
More information about the VPN
mailing list