[Openswan Users] Problems with Checkpoint
Ronaldo Santos (terra)
rosuport at terra.com.br
Wed Nov 3 14:50:10 EDT 2010

Good Afternoon,

I'm having a problem configuring Openswan with Checkpoint FW-1 (Nokia IP290).
I think some parameters are missing in my ipsec.conf.
Can someone help me?

The Openswan subnet: 10.138.66.0/24

ipsec.conf:

config setup
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all
    uniqueids=yes
    nat_traversal=yes

conn site1
    keylife=1h
    ikelifetime=24h
    aggrmode=no
    type=tunnel
    left=yyy.yyy.yyy.yyy
    leftsubnet=10.138.66.0/24
    right=xxx.xxx.xxx.xxx
    rightsubnet=10.97.64.0/24
    keyexchange=ike
    auth=esp
    auto=start
    authby=secret
    ike=3des-sha1;modp1024
    esp=3des-md5
    pfs=no

The Checkpoint subnet: 10.97.64.0/24

Praxair

    VPN gateway device:                  Nokia IP290
    VPN gateway Software:                Checkpoint FW-1
    IP Address tunnel endpoint:          xxx.xxx.xxx.xxx
    Encryption Domain:                   tbd

Phase 1

    Encryption schemes:                  IKE
    Key exchange Method:                 3DES
    Data integrity:                      SHA1
    Pre-Shared-Key:                      tbd
    Diffie-Hellman Group:                Group 2
    IKE session key is changed:          86400 seconds
    Support Aggressive Mode:             NO
    Support Keys exchange for Subnets:   YES

Phase 2

    Encryption schemes:                  IKE
    DATA Integrity + Encr.:              ESP
    Encryption Algorithm:                3DES
    Data Integrity:                      MD5
    Compression Method:                  No compression
    Use Perfect Forward Secrecy:         NO
    IPSec session key is changed:        3600 seconds

Ronaldo.
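
An added example, not part of the original post and not Openswan code: a Python check that normalises the conn settings (time suffixes, the modp name of the Diffie-Hellman group) and compares them with the peer's Phase 1 / Phase 2 sheet. The two dictionaries are constructed from the values posted above, and their key names are hypothetical.

```python
import re

# Constructed inputs: the conn settings and the peer sheet values as posted above.
CONN = {"ikelifetime": "24h", "keylife": "1h", "aggrmode": "no",
        "ike": "3des-sha1;modp1024", "esp": "3des-md5", "pfs": "no"}
PEER = {"p1_enc": "3DES", "p1_hash": "SHA1", "dh_group": 2, "p1_life": 86400,
        "aggressive": "NO", "p2_enc": "3DES", "p2_hash": "MD5",
        "pfs": "NO", "p2_life": 3600}

DH_GROUPS = {"modp768": 1, "modp1024": 2, "modp1536": 5}  # IKE group numbers
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def seconds(value):
    """Convert an ipsec.conf time value such as '24h' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]


def compare(conn, peer):
    """Return a list of (parameter, local, peer) tuples that differ."""
    ike_alg, _, group = conn["ike"].partition(";")
    p1_enc, p1_hash = ike_alg.upper().split("-")
    p2_enc, p2_hash = conn["esp"].upper().split("-")
    local = {"p1_enc": p1_enc, "p1_hash": p1_hash,
             "dh_group": DH_GROUPS.get(group),
             "p1_life": seconds(conn["ikelifetime"]),
             "aggressive": conn["aggrmode"].upper(),
             "p2_enc": p2_enc, "p2_hash": p2_hash,
             "pfs": conn["pfs"].upper(),
             "p2_life": seconds(conn["keylife"])}
    return [(k, local[k], peer[k]) for k in peer if local[k] != peer[k]]


if __name__ == "__main__":
    diffs = compare(CONN, PEER)
    for name, mine, theirs in diffs:
        print(f"MISMATCH {name}: local={mine} peer={theirs}")
    print("proposals match" if not diffs else f"{len(diffs)} mismatch(es)")
```

The pre-shared key and the encryption domain are marked tbd on the sheet and are not checked here.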