[Openswan Users] Using Openswan 2.4.0 with a Watchguard Firebox II
Michael Flaig
mflaig at pro-linux.de
Tue Jan 17 01:12:59 CET 2006
Hi Jason,
On Monday, 16.01.2006, at 17:55 -0500, Jason Green wrote:
> >From <my remote ip> AG-HDR ISA_SA ISA_KE ISA_NONCE ISA_ID
> ISA_VENDORID
> Proposal is unacceptable: mess_id=0
> Sending NO_PROPOSAL_CHOSEN message
> Error processing (sa)
> Agresssive Mode processing failed
> Header invalid (unable to verify, msg = ISA_SA)
>
> following by "Skipping duplicate packet from <my remote ip>"
I think I've had the same problem with the Firebox II and Openswan.
If I am remembering correctly, the Firebox II can't do 3des-sha1, so IKE
fails. The Firebox seems to support only single DES, which OpenS/Wan
could support but doesn't, for good reasons. It's simply not secure :)
All following models are doing 3DES. But I haven't tried it with the
latest. AFAIK the Firebox II is end-of-line without support, right?
Use Openswan on both sides. Less pain :)
cya,
mflaig
--
Michael Flaig <mflaig at pro-linux.de>
PROLinux