A Perl script for configuring and starting racoon
Authored by: tji on Feb 13, '04 07:42:29PM

A bit more on using FireWall-1 / VPN-1

- Aggressive mode MUST be enabled to use shared secrets. I vaguely recall this being a limitation of IPSec/IKE that causes this. The config for aggressive mode is kinda hidden. In the Firewall object, VPN->Traditional Mode Configuration->Advanced->Support Aggressive Mode

- Changing the user settings to 3DES encryption allows the default script settings to work fine. Either set 3DES as the global user setting under Global->Remote Access->VPN-Advanced, or de-select the option to "Enforce Encryption Algorithm ... on all users" on that same page - then set 3DES on the individual user's settings.

FYI - A symptom of using "Aggressive Mode" and shared secrets is that the User ID will be sent in the clear. This is why it is disabled by default. So, if you use this, pick a good password. Or, better yet, get the certificates working.


