[Openswan Users] Checkpoint VPN
Chris Berry
chris_berry-list-openswan at jm-associates.com
Mon Oct 25 13:20:17 CEST 2004
Paul Wouters wrote:
> What happens if you do not specify ike= and esp= lines?
Can you do that?
> Another atempt you can try is esp=3des-sha1-96 and/or
> ike=aes128-sha-modp1024,3des-sha-modp1024.
>
> It would help if you know what the other end has configured,
Not sure how I would post that, I'll check with them.
> so you can
> correctly specify the precise phase 1 and phase 2 encryption ciphers and
> algorithms.
>
> Paul
Our first attempt at a fix was to ensure that both sides were using as
similiar a configuration as possible as far as IKE and ESP are concerned.
--
Chris Berry
chris_berry at jm-associates.com
Systems Administrator
JM Associates & Coast Business Service
"This message written on our state-of-the-art beowulf cluster of
nitrogen cooled, overclocked C64's"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20041025/2ed543d5/signature.bin
More information about the Users
mailing list