[Openswan Users] Using Openswan 2.4.0 with a Watchguard Firebox II

Michael Flaig mflaig at pro-linux.de
Tue Jan 17 01:12:59 CET 2006


Hi Jason,

Am Montag, den 16.01.2006, 17:55 -0500 schrieb Jason Green:
> >From <my remote ip> AG-HDR  ISA_SA ISA_KE ISA_NONCE ISA_ID
> ISA_VENDORID
> Proposal is unacceptable: mess_id=0
> Sending NO_PROPOSAL_CHOSEN message
> Error processing (sa)
> Agresssive Mode processing failed
> Header invalid (unable to verify, msg = ISA_SA)
> 
> following by "Skipping duplicate packet from <my remote ip>"

I think I´ve had the same problem with the firebox II and OpenSwan.

If I am remembering correctly the firebox II can´t do 3des-sha1, so ike
fails. The Firebox seems to support only single des, which OpenS/Wan
could support but doesn´t for good reasons. it´s simply not secure :)
All following models are doing 3des. But I haven´t tried it with the
latest. afaik the firebox II is end-of-line without support, right?

use openswan on both sides. less pain :)

cya,

	mflaig

-- 
Michael Flaig <mflaig at pro-linux.de>
PROLinux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.openswan.org/pipermail/users/attachments/20060117/e37c8861/attachment-0001.bin


More information about the Users mailing list