I have had this problem with the VendorID and had found no way to disable... I had to work with Cisco as it was an issue where their IOS was not IKE RFC compliant...
-Alan Cupernall Server Engineer Kinney Drugs Inc. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Joao Santos Sent: Monday, November 08, 2004 7:44 AM To: [EMAIL PROTECTED] Subject: [FW-1] disabling vendorID checking Hi friends. I'm trying to setup a VPN between my NG FP3 firewall and a peer that I don't really know or have that much info about. I know it's used as RADIUS/NAS for modems using cellular technology. I've setup the connection using 3DES/SHA1/preshared and it's all correct. I get an error saying either "IKE: Main Mode: failed to match proposal DES, SHA1, Pre-shared secret, Group 2 (1024 bit)" or "IKE: Main Mode: No matching encryption methods between myself and the peer" The peer assured they were using 3DES, not DES. I tried to enable DES on my side and still didn't work. The peer did a packet capture and analysis with his vendor and said that my fw1 is not allowing the vpn to work because it's dropping packets due to it being unable to recognize the VendorID. He asked me if I could disable VendorID checking, but I found no way to do this, and my google search has been in vain. Do you have an idea if it's possible to disable vendor id checking? For some info: I'm using traditional mode and have the rules in place. Hope I was clear enough. Thanks in advance, Jo�o. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= This message is confidential, intended only for the named recipient(s) and may contain information that is privileged or exempt from disclosure under applicable law. If you are not the intended recipient(s), you are notified that the dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or telephone number above and delete this e-mail from your computer. Thank you. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
