I've never been able to get Checkpoint R55w and either Cisco Pix or IOS firewall
to communicate with each other via VPN using a third-party certificate (i.e.
Microsoft Certificate). I opened a TAC case with Nokia and Cisco and they both
blamed one another, and I ended up closing the case out of frustration.
If you can get it working, please share with us how you did it. The error I
am getting is exactly the same as yours. I even disabled CRL checking but my
VPN still failed on Quick Mode (phase II).

Information Technology <it AT KARENITA DOT DE> wrote:
Hi all,

has anybody set up a VPN between CP VPN-1 R60 HFA03 and Linux OpenSwan?
We are trying to set up this VPN with certificates.

I've built a trustedCA, which is a system on the VPN partner's site. Then I
generated a certificate request for my cluster object; this request was
signed by my VPN partner's CA, I got the result and completed the
certificate request successfully.

On the interoperable device object --> VPN --> Matching criteria I use
the trustedCA as "Gateway must present a certificate issued by CA",
without matching DN, IP-Address or e-mail.

On initiating the VPN tunnel we got the error message: IKE: Quick Mode
Received Notification from Peer: invalid key Information

Does anybody have a successful example of how to set up a certificate-based VPN
between CP and OpenSwan with an external CA?

Joerg
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================