Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1386
Views
0
Helpful
3
Replies

VPN tunnel problem with PIX506e with IOS 6.3 ver

raju
Level 1
Level 1

‎08-04-2006 05:47 AM

Hi,

I have a PIX506e with IOS 6.3, trying to create a VPN tunnel with Netscreen204 firewall. At netscreen side, they have chosen pre-g2-3des-md5 --as phase 1 proposal & nopfs-esp-3des-md5--as phase 2 proposal . VPN tunnel is not getting established with Netscreen 204 .What are the equivalent parameters in PIX I have to choose in PIX for phase1 and phase2 in PIX side?.

Appreciated for ur quick reply.

Regards,

Raju

Labels:
0 Helpful
3 Replies 3

m.sir
Level 7
Level 7

‎08-04-2006 06:08 AM

Phase I.

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

Phase II.

crypto ipsec transform-set set_name esp-3des esp-md5-hmac

M.

Hope that helps rate if it does

0 Helpful

raju
Level 1
Level 1
In response to m.sir

‎08-04-2006 06:24 AM

Thanks M for ur quick reply. To give a quick , in Netscreen side, user is getting the floowing error in the log.

Phase 1: Main mode negotiations have failed.

Phase-1: no user configuration was found for the received IKE ID type: FQDN,2

0 Helpful

abdel_n
Level 1
Level 1
In response to raju

‎08-09-2006 02:24 AM

Hi,

There is peer authentication problem in the IKE phase I.

Did you set the pre-shared key on the PIX?:

isakmp key address netmask 255.255.255.255

Also you have to set the same pre-shared key on the netscreen.

I hope this will help

Good work!

0 Helpful
Customers Also Viewed These Support Documents