[VPN] Problems between FreeBSD and Netscreen

Yang Lee ylee at net50.com
Tue Oct 29 18:39:10 EST 2002


What's the version of your ScreenOS? Can you borrow an NS box for testing in
the lab? Also if you (your client) have a support contract with Netscreen,
you'll find out they are very helpful.

Regards,

-----Original Message-----
From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com] On
Behalf Of Mike Insch
Sent: Tuesday, October 29, 2002 4:51 AM
To: vpn at lists.shmoo.com
Subject: [VPN] Problems between FreeBSD and Netscreen


I am trying to set up an IPSec VPN between a FreeBSD Box (FreeBSD
4.6.2-RELEASE with Racoon-20020507a), and a Netscreen 25.  I only have
control of the FreeBSD box, the Netscreen belongs to a client.

I think I have the SPD entries configured correctly, and I am reasonably
sure that the racoon.conf file is right, but I am still getting timeouts at
IKE Phase 1.

I am using 3DES, SHA1 and DH Group 5 (modp1536).  I can get a good
traceroute from the BSD Box to the final hop before the NS25 (the NS is
blackholing all ICMP), so I am confident that general communications to
the NS Box are good.

Does anyone have any suggestions as to where I can look to see what may be
causing the timeout problem?  Has anyone successfully got FreeBSD speaking
to an NS25?  If you have, would you mind posting example configs for Racoon
and for the NS (that way I can ask my client to verify his end of the
link)?

Any assistance would be greatly appreciated,
Kind Regards,
Mike Insch,
IT Engineer.

