This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with a VPN between Astaro - Netscreen / rekeying

Hi everybody,

I have some problems with a Lan-Lan VPN between a Netscren box and a Astaro solution. After some time (often after 3600 sec, the lifetime of phase2), the SA's get out of sync and I reviece a huge number of 'Received a bad SPI ' messages on my netscreen device. As I built up a lot of vpn's between netscreen devices, a assume that I made a mistake on the Astaro side - but I don't know what.
Any hints?

Thanks!

This thread was automatically locked due to age.

Parents

0 Damien Flasse over 22 years ago

Hi,

I must confess I'm VERY interested in how you managed to configure your netscreen to interop with Astaro. If you've any procedure, I'd be gratefull if you could post it for me.

Thanks in advance
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Damien Flasse over 22 years ago

Hi,

I must confess I'm VERY interested in how you managed to configure your netscreen to interop with Astaro. If you've any procedure, I'd be gratefull if you could post it for me.

Thanks in advance
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Martin Rinas over 22 years ago in reply to Damien Flasse

Hi Damien,

that shouldn't be a secret at all [;)]
On the netscreen-side, i just created a vpn with
* preshared-keys
* static remote ip-adress
* p1 proposal pre-g2-3des-sha
* p2 proposal g2-esp-3des-sha
* and enabled replay-protection

on the astaro-side I added the preshared-keys and defined the vpn according to the settings on the netscreen. Left subnet is the local subnet of the lan, left ip the external (!) ip-adress of the astaro-box, right subnet is the remote-lan, right ip the external ip of your netscreen...

that's all - it should work!
Cancel
Vote Up 0 Vote Down

Cancel