Watchguard <-> Cisco VPN problems

• Previous message: Barry: "Re: Port 113"
• Next in thread: Leythos: "Re: Watchguard <-> Cisco VPN problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 13 Jul 2004 09:31:11 +0100

We are having trouble getting a cisco pix and a watchguard firebox II
to establish an IPSEC VPN tunnel.
We are using ESP/DES/MD5 and dynamic isakmp key handling.
After defining routing policy for our two private lans and enabling
the tunnels,
The watchguard log shows that it is trying to do the initial key
exchange and shows its cookie as a hex value. It reports the PIX
cookie as
being all zeros which looks very odd, and no traffic is able to cross
the VPN.

07/08/04 17:50 iked[116]: Deleting SA: peer x.x.x.x
07/08/04 17:50 iked[116]: my_cookie 650FE360118DCBFE
07/08/04 17:50 iked[116]: his_cookie 0000000000000000
07/08/04 17:50 iked[116]: Cancelled acquire for channel (0)
07/08/04 17:50 kernel: ipsec: Acquiring keys for channel 0
07/08/04 17:50 iked[116]: ipsec_nl_catcher: Acquiring key for
channel/policy 0/0

At either end we cant actually see what the issue is. Anyone have any
ideas?

TIA

• Previous message: Barry: "Re: Port 113"
• Next in thread: Leythos: "Re: Watchguard <-> Cisco VPN problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]