[c-nsp] Cisco - Netscreen VPN
drobinson
drobinson at netfabric.net
Thu Oct 13 09:12:12 EDT 2005
Same here - Don't have the configs on me but will have a look. Should have copies at home, will post later this evening if still needed.
-Dave
On 13/Oct/2005 08:09:34, info at beprojects.com wrote:
>
> What do you have for the config on both ends? I've gotten it to work in
> the past (but I don't have copies of the configs).
>
> Peder
>
>
> Ryan O'Connell wrote:
> > Does anyone here have any experience in how to make a Netscreen firewall
> > and Cisco router reliably talk to each other using IPSec? It seems that
> > Netscreen don't support Phase 2 rekeying - so every hour (3600s) the VPN
> > drops. For some reason it takes the Cisco and Netscreen anything from a
> > few seconds to 15 minutes to reestablish the VPN because they disagree
> > on the IPSec lifetimes. (I have no idea why it works at all) Is there
> > any workaround - on either end - anyone is aware of?
> >
> > Unfortunately, it seems I can't use Manual Keying with IPSec Tunnel
> > interfaces ("tunnel mode ipsec ipv4") as the various manual key commands
> > are only available with interface crypto maps - and I can't use
> > interface crypto maps as I need the endpoint of the VPN on the Cisco to
> > be the loopback interface. (The router has multiple outbound interfaces)
> >
> > Thanks.
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >