[c-nsp] Cisco - Netscreen VPN
info at beprojects.com
Thu Oct 13 09:09:34 EDT 2005
What do you have for the config on both ends? I've gotten it to work in
the past (but I don't have copies of the configs).
Peder
Ryan O'Connell wrote:
> Does anyone here have any experience in how to make a Netscreen firewall
> and Cisco router reliably talk to each other using IPSec? It seems that
> Netscreen don't support Phase 2 rekeying - so every hour (3600s) the VPN
> drops. For some reason it takes the Cisco and Netscreen anything from a
> few seconds to 15 minutes to reestablish the VPN because they disagree
> on the IPSec lifetimes. (I have no idea why it works at all) Is there
> any workaround - on either end - anyone is aware of?
>
> Unfortunately, it seems I can't use Manual Keying with IPSec Tunnel
> interfaces ("tunnel mode ipsec ipv4") as the various manual key commands
> are only available with interface crypto maps - and I can't use
> interface crypto maps as I need the endpoint of the VPN on the Cisco to
> be the loopback interface. (The router has multiple outbound interfaces)
>
> Thanks.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/