Firewall-1

Re: [FW-1] checkpoint fp3 and freeswan-1.99 (fwd)

Subject: Re: [FW-1] checkpoint fp3 and freeswan-1.99 (fwd)
From: Leonardo Boulton <lboulton AT CYBERTECHPROJECTS DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 24 Oct 2003 16:44:24 -0400
The action Encrypt only shows up when you are on Traditional Mode. If
you are on Simplified mode, you'll have to configure a VPN Community.

L.

On Thu, 2003-10-23 at 17:37, Ivan Rodriguez Aguilar - CNDI wrote:
> Has anybody managed to configure a VPN between checkpoint fp3 and freeswan-1.99
> or any version of freeswan ??
>
>
> hello list
> this is my ipsec.conf
>
> conn check-encdomlinx
>         type=tunnel
>         left=148.223.133.234
>         leftnexthop=148.223.133.225
>         leftsubnet=192.168.64.0/24
>         right=200.95.38.193
>         rightnexthop=148.223.182.205
>         rightsubnet=192.168.65.0/24
>         keyexchange=ike
>         auth=esp
>         pfs=no
>
> the ipsec.secrets
>
> 200.x.x.x 148.x.x.x  "secretkey"
>
>
> In my checkpoint I have defined my VPN community. I am following the how-to
> found at www.freeswan.org, but when I created the rule I don't
> find the encryption option in the Action column; I only have
> accept, drop or reject, but no encryption option.
>
>
>
> the freeswan log
>
>
> Oct 20 11:36:51 cordoba pluto[26742]: Starting Pluto (FreeS/WAN Version 1.99)
> Oct 20 11:36:52 cordoba pluto[26742]: listening for IKE messages
> Oct 20 11:36:52 cordoba pluto[26742]: adding interface ipsec0/ppp0 200.95.38.193
> Oct 20 11:36:52 cordoba pluto[26742]: adding interface ipsec1/eth1 192.168.65.50
> Oct 20 11:36:52 cordoba pluto[26742]: loading secrets from "/etc/ipsec.secrets"
> Oct 20 11:36:52 cordoba pluto[26742]: added connection description "check-encdomlinx"
> Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #1: initiating Main Mode
> Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #1: ISAKMP SA established
> Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK
> Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
> Oct 20 11:36:52 cordoba pluto[26742]: "check-encdomlinx" #2: sent QI2, IPsec SA established
>
>
> the warning
>
> "check-encdomlinx" #1: cannot respond to IPsec SA request because no connection is known for 200.95.38.193...148.223.133.234
> Oct 20 11:38:07 cordoba pluto[26742]: "check-encdomlinx" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x06898e24 (perhaps this is a duplicated packet)
>
>
> Thanks in advance, and excuse me for my English.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================


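An added example, not part of the thread or of either product's code: a small check that compares the endpoints named in the quoted "no connection is known for" refusal with the posted `conn check-encdomlinx`, to show which selectors of the refused request differ from the configuration. The function names are hypothetical, and the `[subnet===]gateway...gateway[===subnet]` layout of pluto's message, with a missing subnet meaning a host-only end, is an assumption.

```python
import re

# Values copied from the conn posted in the thread.
IPSEC_CONF = """\
conn check-encdomlinx
        left=148.223.133.234
        leftsubnet=192.168.64.0/24
        right=200.95.38.193
        rightsubnet=192.168.65.0/24
"""
# Refusal line from the thread's log, rejoined onto one line.
REFUSAL = ('"check-encdomlinx" #1: cannot respond to IPsec SA request because '
           'no connection is known for 200.95.38.193...148.223.133.234')

IP = r'\d+(?:\.\d+){3}'
# Assumed layout: [our_subnet===]our_gw...peer_gw[===peer_subnet]
REFUSED = re.compile(
    rf'no connection is known for (?:([\d./]+)===)?({IP})\.\.\.({IP})(?:===([\d./]+))?')

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf text."""
    conns, cur = {}, None
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if line.startswith('conn '):
            cur = conns.setdefault(line.split()[1], {})
        elif cur is not None and '=' in line:
            key, value = line.split('=', 1)
            cur[key.strip()] = value.strip()
    return conns

def parse_refusal(line):
    """Extract the four selectors of a refused Quick Mode request, or None."""
    m = REFUSED.search(line)
    if not m:
        return None
    return dict(zip(('our_net', 'our_gw', 'peer_gw', 'peer_net'), m.groups()))

def selector_diffs(conn, req):
    """List (selector, configured, requested) for every selector that differs."""
    # The local end is whichever of left/right carries our gateway address.
    ours, peer = (('left', 'right') if conn.get('left') == req['our_gw']
                  else ('right', 'left'))
    pairs = [('our_gw', conn.get(ours)), ('peer_gw', conn.get(peer)),
             ('our_net', conn.get(ours + 'subnet')),
             ('peer_net', conn.get(peer + 'subnet'))]
    return [(name, want, req[name]) for name, want in pairs if want != req[name]]

if __name__ == '__main__':
    conn = parse_conns(IPSEC_CONF)['check-encdomlinx']
    for name, want, got in selector_diffs(conn, parse_refusal(REFUSAL)):
        print(f'{name}: configured {want}, requested {got or "none (host only)"}')
```

On the thread's values both gateway addresses match the conn and only the two subnets differ, so the place to look is the encryption domain the peer proposes rather than the peer addresses.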