[Openswan Users] Checkpoint - to - Openswan Configuration

fox at publinetwork.net fox at publinetwork.net
Wed May 31 22:26:42 CEST 2006


Hi everybody

I have a problem.

I need to connect a hosting server with an NG Checkpoint using an IPsec VPN based
on two phases.

I followed some instructions from:

http://www.fw-1.de/aerasec/ng/vpn-freeswan/CP-FW1-NG+Linux-FreeSWAN-Gateway.html

But I get these messages in /var/log/secure:

----------------------------------------------------------------------
May 31 04:36:49 genesis pluto[10476]: "checkpoint-freeswan": We cannot
identify ourselves with either end of this connection.
May 31 04:36:49 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
initiating Main Mode
May 31 04:36:49 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 31 04:36:49 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
received and ignored informational message
May 31 04:49:59 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or
no acceptable response) to our first IKE message
May 31 04:49:59 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
starting keying attempt 2 of an unlimited number
May 31 04:49:59 genesis pluto[10476]: "net-checkpoint-net-freeswan" #2:
initiating Main Mode to replace #1
May 31 04:49:59 genesis pluto[10476]: "net-checkpoint-net-freeswan" #2:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 31 04:49:59 genesis pluto[10476]: "net-checkpoint-net-freeswan" #2:
received and ignored informational message
--------------------------------------------------------------------


My config file is:

conn checkpoint-freeswan
        left=1.2.3.4
        right=4.3.2.1
        keyexchange=ike
        ike=3des-sha
        pfs=no
        auto=start
        authby=secret
conn net-checkpoint-net-freeswan
        type=tunnel
        left=1.2.3.4
        leftsubnet=172.16.0.0/24
        right=4.3.2.1
        rightsubnet=172.16.2.0/24
        auth=esp
        esp=3des-sha1
        pfs=no
        auto=start

The company with the NG Checkpoint I need to connect to sent me this information
for the connection:

>
> *Gateway Information*
>
> *VPN DEVICE*
>
> *Firewall*
> CheckPoint
>
> *Public IP *
> 111.222.333.444
>
> *VPN Description*
> VPN + 3DES
>
> *VPN Device Version*
> NG With Application Intelligence (R55) Build 127
>
> *Encryption Domain*
>
> aaa.bbb.ccc.ddd
>
> *Tunnel Properties*
>
> *Phase 1*
> *Authentication Method*
> Pre-Shared Secret
>
> *Encryption Scheme*
> IKE
>
> *Diffie - Hellman Group*
> Group 2 (1024 bit)
>
> *Encryption Algorithm*
> 3DES
>
> *Integrity Algorithm*
> SHA-1
>
> *Aggressive Mode*
> No
>
> *Renegotiation Time*
> Phase 1: 1440 minutes
> Phase 2: 3600 seconds
>
> *Phase 2*
>
> *Encapsulation (ESP or AH)*
> ESP
>
> *Encryption Algorithm*
> 3DES
>
> *Integrity Algorithm*
> SHA-1
>
> *Perfect Forward Secrecy*
> No


Thanks.


Fernando
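
A triage helper for the pluto messages quoted in the message above, as an added example that is not part of the original post: it rejoins the mail-wrapped syslog lines and tags each connection with the failure it reports. The tag names and the one-line meanings are this example's own wording.

```python
import re
from collections import defaultdict

# Sample input: a subset of the pluto lines from the post, kept with the
# hard line wraps the mail client introduced.
SAMPLE = """\
May 31 04:36:49 genesis pluto[10476]: "checkpoint-freeswan": We cannot
identify ourselves with either end of this connection.
May 31 04:36:49 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
initiating Main Mode
May 31 04:36:49 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 31 04:49:59 genesis pluto[10476]: "net-checkpoint-net-freeswan" #1:
max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or
no acceptable response) to our first IKE message
"""

# (message fragment, tag, meaning); tags and meanings are this example's wording.
RULES = [
    ("cannot identify ourselves", "NO_LOCAL_END", "neither left= nor right= is a local interface address"),
    ("NO_PROPOSAL_CHOSEN", "PROPOSAL_REJECTED", "peer refused the offered SA proposal"),
    ("reached STATE_MAIN_I1", "PHASE1_STALLED", "no acceptable reply to the first Main Mode message"),
]

HEAD = re.compile(r'^\w{3} +\d+ [\d:]{8} \S+ pluto\[\d+\]: "([^"]+)"(?: #(\d+))?: ?(.*)$')

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog header continues the previous record."""
    records = []
    for line in text.splitlines():
        if HEAD.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return {connection name: sorted list of finding tags}."""
    findings = defaultdict(set)
    for rec in unwrap(text):
        conn, _state, msg = HEAD.match(rec).groups()
        for needle, tag, _meaning in RULES:
            if needle in msg:
                findings[conn].add(tag)
    return {conn: sorted(tags) for conn, tags in findings.items()}

if __name__ == "__main__":
    for conn, tags in triage(SAMPLE).items():
        print(conn, tags)
```

Matching on the raw text would miss the first message, because the mail wrap splits "We cannot" from "identify ourselves"; the unwrap step is what makes the rule hit.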




