[Openswan Users] Checkpoint VPN

Chris Berry chris_berry-list-openswan at jm-associates.com
Mon Oct 25 13:20:17 CEST 2004

Paul Wouters wrote:

> What happens if you do not specify ike= and esp= lines?

Can you do that?

> Another atempt you can try is esp=3des-sha1-96 and/or
> ike=aes128-sha-modp1024,3des-sha-modp1024.
> It would help if you know what the other end has configured,

Not sure how I would post that, I'll check with them.

> so you can
> correctly specify the precise phase 1 and phase 2 encryption ciphers and
> algorithms.
> Paul

Our first attempt at a fix was to ensure that both sides were using as 
similiar a configuration as possible as far as IKE and ESP are concerned.

Chris Berry
chris_berry at jm-associates.com
Systems Administrator
JM Associates & Coast Business Service

"This message written on our state-of-the-art beowulf cluster of 
nitrogen cooled, overclocked C64's"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20041025/2ed543d5/signature.bin

More information about the Users mailing list