Wednesday, May 13, 2015

Check Point And Cisco: (IPSEC VPN) Phase 2 Security Association Incompatibilities

The problem: when you have a site-to-site VPN between a Check Point and a Cisco firewall, it is sometimes near impossible to get a Phase 2 combination of encryption and hash stronger than 3DES/MD5 to work reliably. I have seen this often in the past. I go with AES-256 and SHA1, but for some reason I get very unpredictable results. That might mean I can ping across one minute, but the next I can't. It has also meant that I get one-way traffic. The thing is, when I change to 3DES/MD5, the VPN works perfectly and consistently. So why is that?
I don't know the answer right now, but I'll certainly be looking into it. I don't want to use 3DES/MD5; I prefer to go higher.
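Before blaming the cipher combination, the first thing worth checking on the Cisco side is what Phase 2 actually negotiated and whether packets are flowing in both directions. The script below is an added example, not part of the original post: it parses the text of `show crypto ipsec sa` (the two sample outputs are constructed here, with made-up addresses, SPIs and counters) and reports the negotiated ESP transform plus a one-way-traffic verdict based on the encaps/decaps counters. An SA that shows encaps climbing while decaps stays at zero is the classic signature of the "I can send but nothing comes back" symptom described above.

```shell
#!/bin/sh
# Added example: inspect "show crypto ipsec sa" text for the negotiated
# transform and for one-way traffic. Sample outputs below are constructed,
# not captured from a real device.

SAMPLE_SA_AES='interface: GigabitEthernet0/0
    Crypto map tag: CMAP, local addr 203.0.113.1

   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer 198.51.100.1 port 500
    #pkts encaps: 412, #pkts encrypt: 412, #pkts digest: 412
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 0, #recv errors 0

     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }

     outbound esp sas:
      spi: 0x4D3C2B1A(1295861530)
        transform: esp-256-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
'

SAMPLE_SA_3DES='interface: GigabitEthernet0/0
    Crypto map tag: CMAP, local addr 203.0.113.1

   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer 198.51.100.1 port 500
    #pkts encaps: 500, #pkts encrypt: 500, #pkts digest: 500
    #pkts decaps: 498, #pkts decrypt: 498, #pkts verify: 498
    #send errors 0, #recv errors 0

     inbound esp sas:
      spi: 0x0000A1B2(41394)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
'

# Print the first negotiated ESP transform found in the SA text.
sa_transform() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*transform: \(.*\) ,.*$/\1/p' | head -n 1
}

# Print one packet counter: $2 is "encaps" or "decaps".
sa_counter() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*#pkts $2: \([0-9]*\),.*/\1/p" | head -n 1
}

# Classify traffic direction from the encaps/decaps counters.
sa_traffic_state() {
    enc=$(sa_counter "$1" encaps); dec=$(sa_counter "$1" decaps)
    enc=${enc:-0}; dec=${dec:-0}
    if [ "$enc" -gt 0 ] && [ "$dec" -eq 0 ]; then
        echo "one-way: sending, nothing returns"
    elif [ "$enc" -eq 0 ] && [ "$dec" -gt 0 ]; then
        echo "one-way: receiving, nothing sent"
    elif [ "$enc" -eq 0 ] && [ "$dec" -eq 0 ]; then
        echo "idle"
    else
        echo "bidirectional"
    fi
}

# Return 0 if the negotiated transform is the one we configured, 1 otherwise.
sa_matches_expected() {
    [ "$(sa_transform "$1")" = "$2" ]
}

# Usage: run against the two constructed samples.
for name in AES 3DES; do
    eval "sa=\$SAMPLE_SA_$name"
    echo "$name tunnel: transform=[$(sa_transform "$sa")] state=[$(sa_traffic_state "$sa")]"
done
```

On a live box, feed it the real output (for example `ssh fw 'show crypto ipsec sa' > sa.txt` and then `sa_traffic_state "$(cat sa.txt)"`). If the transform shown is not the one you configured, the peers agreed on a different proposal than you think; if it is, but the counters are one-sided, the encryption is fine and the problem is elsewhere (selectors, routing, or SA lifetimes). Note that 3DES and MD5 are well below current recommendations, so getting AES/SHA working is worth the effort.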

2 comments:

  1. I've seen this too when running a tunnel between different brands of equipment...very irritating.

