Watchguard <-> Cisco VPN problems

From: Oscar Riverman (
Date: 07/13/04

  • Next message: Evan Joanette: "Re: Port Scanning"
    Date: Tue, 13 Jul 2004 09:31:11 +0100

    We are having trouble getting a cisco pix and a watchguard firebox II
    to establish an IPSEC VPN tunnel.
    We are using ESP/DES/MD5 and dynamic isakmp key handling.
    After defining routing policy for our two private lans and enabling
    the tunnels,
    The watchguard log shows that it is trying to do the initial key
    exchange and shows its cookie as a hex value. It reports the PIX
    cookie as
    being all zeros which looks very odd, and no traffic is able to cross
    the VPN.

    07/08/04 17:50 iked[116]: Deleting SA: peer x.x.x.x
    07/08/04 17:50 iked[116]: my_cookie 650FE360118DCBFE
    07/08/04 17:50 iked[116]: his_cookie 0000000000000000
    07/08/04 17:50 iked[116]: Cancelled acquire for channel (0)
    07/08/04 17:50 kernel: ipsec: Acquiring keys for channel 0
    07/08/04 17:50 iked[116]: ipsec_nl_catcher: Acquiring key for
    channel/policy 0/0

    At either end we cant actually see what the issue is. Anyone have any


  • Next message: Evan Joanette: "Re: Port Scanning"

    Relevant Pages