[VPN] Problems between FreeBSD and Netscreen

Mike Insch vofka at hotpop.com
Tue Oct 29 07:50:46 EST 2002


I am trying to set up an IPSec VPN between a FreeBSD Box (FreeBSD 
4.6.2-RELEASE with Racoon-20020507a), and a Netscreen 25.  I only have 
control of the FreeBSD box, the Netscreen belongs to a client.

I think I have the SPD entries configured correctly, and I am reasonably 
sure that the racoon.conf file is right, but I am still getting timeouts at 
IKE Phase 1.

I am using 3DES, SHA1 and DH Group 5 (modp1536).  I can get a good 
traceroute from the BSD box to the final hop before the NS25 (the NS is 
blackholing all ICMP), so I am confident that general communication to 
the NS box is good.

Does anyone have any suggestions as to where I can look to see what may be 
causing the timeout problem?  Has anyone successfully got FreeBSD speaking 
to an NS25?  If you have, would you mind posting example configs for Racoon 
and for the NS (that way I can ask my client to verify his end of the 
link)?

Any assistance would be greatly appreciated,
Kind Regards,
Mike Insch,
IT Engineer.




