Excuse my ignorance here, but is "Enable Perfect Forward Secrecy" the ESP
setting on phase 2? If so, I want to choose AH, correct?
Otherwise those match my current settings. I'm going to try to get a WebEx
session or similar to eyeball the other end.
Jonathan D. Simpson
Advanced Technology Services Group
Cell 484-467-9965
Office 484-320-4302
-----Original Message-----
From: Philippe Lang [mailto:philippe dot lang at attiksystem dot ch]
Sent: Tuesday, February 06, 2007 8:39 AM
To: Jonathan Simpson; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] ipsec, sonicwall to m0n0wall.
Jonathan Simpson wrote:
> I've been struggling with this for days. I'm trying to establish a
> connection between us and one of our business partners, we have a
> m0n0wall at our end and they have a sonicwall. We are both using main
> mode, all other settings have been checked over to match a dozen
> times, identifier is IP. The only error I see in my logs (there are
> lots of debugs) is racoon: ERROR:
> not acceptable Identity Protection mode.
>
> I've googled this error a dozen times over and all I can find is a
> reference to doing this on a netgear and aggressive/main not
> matching. This shouldn't be an issue there. The guy on the remote
> side claims the connection is timing out.
>
> Sorry for the long winded question, I really don't have that much
> ipsec knowledge. I appreciate any help.
>
> Jonathan
Hi,
I'm personally using the following configuration, with a SonicWall and
a monowall, and it works. You might give it a try:
Phase 1:
--------
Main Mode
DH Group: Group 2
Encryption: 3DES
Authentication: MD5
Phase 2:
--------
ESP
Encryption: 3DES
Authentication: MD5
Enable Perfect Forward Secrecy disabled
This is certainly not the most secure VPN tunnel ever, but sufficient in
our case.
I'm using monowall 1.22 and SonicOS Enhanced 3.2.0.3-54e.
Hope this helps.
Regards,
Philippe Lang
---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
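The settings Philippe lists above, written out as the racoon configuration that m0n0wall generates under the hood (the log line in the original question comes from racoon). This is an added example, not a file from either poster or from the m0n0wall project; the peer addresses, identifiers, subnets and lifetimes are assumed placeholders. Phase 1 lives in the "remote" block and phase 2 in the "sainfo" block; PFS is a phase 2 option, expressed by a pfs_group line, and leaving that line out is what "Enable Perfect Forward Secrecy disabled" means. Main mode is called "Identity Protection" in ISAKMP, and racoon only accepts an incoming exchange whose type is listed in exchange_mode, so that line is the first thing to compare against the other end. The comments also show what to change for a stronger tunnel than the 3DES/MD5 one in the post.

```conf
# Added example: racoon.conf for a m0n0wall <-> SonicWall tunnel with the
# settings from Philippe's post. Addresses and subnets below are assumed
# placeholders (RFC 5737 / RFC 1918 ranges), not anything from the thread.

path pre_shared_key "/var/etc/psk.txt";   # one line per peer: "<peer-ip> <secret>"

# ---- Phase 1 (ISAKMP / IKE SA) ------------------------------------------
remote 203.0.113.10 {                      # assumed SonicWall WAN address
    exchange_mode main;                    # "Main Mode"; ISAKMP name: Identity Protection
    my_identifier address 198.51.100.1;    # "identifier is IP" on the m0n0wall side
    peers_identifier address 203.0.113.10; # and on the SonicWall side
    proposal_check obey;                   # accept the initiator's lifetime
    nonce_size 16;
    proposal {
        encryption_algorithm 3des;         # stronger: aes 256
        hash_algorithm md5;                # stronger: sha1 (or sha256 where supported)
        authentication_method pre_shared_key;
        dh_group 2;                        # "DH Group: Group 2"; stronger: 14
        lifetime time 28800 sec;           # assumed; must match the peer
    }
}

# ---- Phase 2 (IPsec SA) --------------------------------------------------
# local subnet <-> remote subnet; both sides must list the same pair.
sainfo address 192.168.1.0/24 any address 10.0.0.0/24 any {
    encryption_algorithm 3des;             # ESP cipher; stronger: aes 256
    authentication_algorithm hmac_md5;     # ESP integrity; stronger: hmac_sha1 / hmac_sha256
    compression_algorithm deflate;
    lifetime time 3600 sec;                # assumed; must match the peer
    # pfs_group 2;   # commented out = "Enable Perfect Forward Secrecy disabled".
                     # Uncomment (and enable PFS with the same group on the
                     # SonicWall) if you want phase 2 keys independent of phase 1.
}
```

The protocol choice between ESP and AH is made in the SPD (setkey) rules, not in this file; the sainfo block above only describes the ESP transform, and AH would give integrity with no encryption at all.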