VPN between Symantec Raptor 6.5 ---> Cisco VPN3060 concentrator

m.faling · ‎07-09-2002

Hi,

I try to establish a VPN tunnel between a Symantec Enterprise firewall (formerly known als Raptor) and a Cisco VPN 3060 concentrator.

The VPN3060 is running the latest version software 3.5.3A

Phase 1 (IKE) completes, but directly starts to rekey.

Phase 2 never really starts.

It also gives the next error :

Mismatch: Configured LAN-to-LAN proposal differs from negotiated proposal.

Verify local and remote LAN-to-LAN connection lists.

But the networks are configured correctly.

Can anybody advice ??

edadios · ‎07-09-2002

Can you try and make it more specific network on the local and remote network configured under the ipsec-lan to lan of the 3060. Instead of using a list, try and use just one specific subnet, match it with the raptor end. Make the local be the subnet of the private interface, and the remote the directly connected subnet on the private of the raptor. Then do a ping from a host behind the raptor to the private interface of the concentrator, and see if you debugs are better.

Is the debug also suggesting the same issue on the raptor end?

m.faling · ‎07-10-2002

Hi,

I already use only one subnet on both sides (local and remote).

Local I have a /27 network and remote a /26 network.

I can't access the Raptor since this a firewall of a business partner of our customer.

There have been simmilar problems between a PIX and an Raptor in the past.

The VPN3060 doesn't dsupport manual keying, else I would have tried this first.

Please advice