Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1972
Views
0
Helpful
1
Replies

3des vs. 3des-cbc

seagordo
Level 1
Level 1

‎12-09-2004 01:43 PM - edited ‎03-09-2019 09:42 AM

I'm trying to troubleshoot a PIX to Checkpoint site2site VPN tunnel. The IKE proposals don't appear to be matching. Based on the debug output, the PIX is operating 3des in CBC mode. We've got the Checkpoint configed for 3des.

My question:

Will the PIX in 3DES-Cipher Block Chaining (CBC) mode work with a Checkpoint in 3DES mode? Haven't found anything specific via google so I though I'd ask the experts.

Thanks,

Sean

Labels:
0 Helpful
1 Reply 1

Patrick Iseli
Level 7
Level 7

‎12-09-2004 07:22 PM

Yes it will but:

1.) Configure the PIX on CheckPoint as en Embedded device.

2.) DH Group 2 seens to bug with Cisco Try DH Group 1

3.) Keepalive timers must be the same

4.) The access-list in the PIX that should correspond to the encryption domain on the checkpoint firewall. Exactly the same subnet maks.

PIX(config)# access-list VPN permit ip Internalnet ISubnet Externalnet ESubnet

PIX(config)# crypto map REMOTE 10 match address VPN

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents