09.06.2006 at 03:41AM PDT, ID: 21979493
VPN problem between Cisco PIX 506E and Netscreen 208 OS 5.0

Asked by Geyybecca in Network Software Firewalls, Enterprise Firewalls, Cisco PIX Firewall

Tags: netscreen, pix, vpn, cisco

I am trying to set up a policy-based VPN between a Netscreen 208 OS 5.0 and a Cisco PIX 506E 6.3.

Phase proposals are working fine; it fails on phase 2. The error on the Netscreen is:
Received a notification message for DOI <1> <14> <NO-PROPOSAL-CHOSEN>.
Phase 2: Initiated negotiations.
Phase 1: Completed Main mode negotiations with a <28800>-second lifetime.

Phase 2 on the NS is
set vpn "PIX" gateway "PIX" no-replay tunnel idletime 0 proposal "g2-esp-des-sha"

Phase 2 on the PIX is
crypto ipssec transform-set netscreen esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map netscreen 10 ipsec-isakmp
crypto map netscreen 10 match address vpn
crypto map netscreen 10 set peer *.*.*.* (IP address removed)
crypto map netscreen 10 set security-association lifetime seconds 28800
crypto map netscreen interface outside


Any help with this would be very gratefully received, fast losing what little hair I have left!!
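
A consistency check over the two Phase 2 configurations quoted in the question, as an added example that is not part of the original thread and not the accepted solution. It assumes the ScreenOS predefined proposal naming (g2 = PFS with DH group 2, followed by protocol, cipher and hash) and that the posted PIX lines are the complete Phase 2 configuration; the function names are hypothetical.

```python
import re

# Constructed from the two configurations quoted in the question (copied as posted).
NETSCREEN_CFG = 'set vpn "PIX" gateway "PIX" no-replay tunnel idletime 0 proposal "g2-esp-des-sha"'
PIX_CFG = """\
crypto ipssec transform-set netscreen esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map netscreen 10 ipsec-isakmp
crypto map netscreen 10 match address vpn
crypto map netscreen 10 set peer *.*.*.* (IP address removed)
crypto map netscreen 10 set security-association lifetime seconds 28800
crypto map netscreen interface outside
"""

def netscreen_phase2(cfg):
    """Decode a ScreenOS predefined proposal name such as g2-esp-des-sha."""
    name = re.search(r'proposal "([^"]+)"', cfg).group(1)
    parts = name.split("-")
    pfs = None
    if parts[0].startswith("g"):  # assumption: g2 = PFS DH group 2, nopfs = none
        pfs = int(parts[0][1:])
    return {"pfs_group": pfs, "encryption": parts[2], "hash": parts[3]}

def pix_phase2(cfg, map_name, seq):
    """Collect what crypto map <map_name> <seq> would offer in Phase 2."""
    entry = rf"crypto map {map_name} {seq} set "
    ts = re.search(entry + r"transform-set (\S+)", cfg)
    pfs = re.search(entry + r"pfs group(\d)", cfg)
    out = {"pfs_group": int(pfs.group(1)) if pfs else None,
           "encryption": None, "hash": None}
    if ts:  # resolve the bound transform-set to its cipher and hash
        d = re.search(rf"crypto ipsec transform-set {ts.group(1)} "
                      r"esp-(\S+) esp-(\w+)-hmac", cfg)
        if d:
            out.update(encryption=d.group(1), hash=d.group(2))
    return out

def phase2_mismatches(ns, pix):
    """Return the Phase 2 attributes on which the two peers disagree."""
    return sorted(k for k in ns if ns[k] != pix[k])

if __name__ == "__main__":
    ns = netscreen_phase2(NETSCREEN_CFG)
    pix = pix_phase2(PIX_CFG, "netscreen", 10)
    print("NetScreen:", ns)
    print("PIX:      ", pix)
    print("Mismatched attributes:", phase2_mismatches(ns, pix))
```

Run against the lines as posted, the check reports that crypto map entry 10 binds no transform-set and sets no PFS group, while the NetScreen proposal name requests PFS group 2 with ESP, DES and SHA.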


About this solution

Zones: Network Software Firewalls, Enterprise Firewalls, Cisco PIX Firewall
Tags: netscreen, pix, vpn, cisco
Solution Provided By: harbor235
Participating Experts: 4
Solution Grade: B