[Openswan Users] Openswan is requering internal ip from Checkpoint Cluster

Andreas Steffen andreas.steffen at strongsec.net
Mon Oct 4 21:34:17 CEST 2004


As far as I remember Checkpoint does not accept a connection proposal for
a whole subnet from your side. I think you can propose a single host
at a time only hiding behind your gateway.

Regards

Andreas

cassio.pereira at edinfor.com.br wrote:

> Andreas,
> 
> thanks by yours informations. You were correct.
> The first phase (IKE) is ok, but when one side tries to create a tunnel
> ipsec, the following information show up:
> 
> ## Log Openswan ##
> Oct  4 11:45:56 hidrogenio pluto[2989]: "checkpoint-freeswan" #1: ignoring
> informational payload, type NO_PROPOSAL_CHOSEN
> Oct  4 11:45:56 hidrogenio pluto[2989]: "checkpoint-freeswan" #1: ignoring
> informational payload, type NO_PROPOSAL_CHOSEN
> Oct  4 11:47:06 hidrogenio pluto[2989]: "checkpoint-freeswan" #3: max
> number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable
> response to our first Quick Mode message: perhaps peer likes no proposal
> Oct  4 11:47:06 hidrogenio pluto[2989]: "net-checkpoint-net-freeswan" #2:
> max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable
> response to our first Quick Mode message: perhaps peer likes no proposal
> 
> ## Log information Checkpoint ##
> 
> IKE: Quick Mode Sent Notification: no proposal chosen
> 
> I´m using 3DES + MD5. I already check if our license on Checkpoint supports
> 3DES. It is ok.
> 
> Could you help me?
> 
> Tanks,
> 
> Regards,
> 
> Cassio David Pereira
> 
> 
> 
>                                                                                                                                           
>                       Andreas Steffen                                                                                                     
>                       <andreas.steffen at str        To:       cassio.pereira at edinfor.com.br                                                 
>                       ongsec.net>                 cc:       users at openswan.org                                                            
>                                                   Subject:  Re: [Openswan Users]    Openswan is requering internal ip from Checkpoint     
>                       04/10/2004 11:08             Cluster                                                                                
>
> =======================================================================
> Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
> strongSec GmbH                    home:   http://www.strongsec.com
> Alter Zürichweg 20                phone:  +41 1 730 80 64
> CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
> ==========================================[strong internet security]===
> 
> 
> 
> 
> 
> 


-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===


More information about the Users mailing list