Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

IPSec VPN using Symantec VPN Appliances

From: "Larry Youngquist" <lyoungquist () hotmail com>
Date: Mon, 9 Sep 2002 11:25:25 -0700
We're trying to establish a IPSec VPN tunnel between two Symantec VPN
appliances and receiving an error after the tunnel has been established.  I
have one unit on a screened subnet sitting behind a Checkpoint NG firewall
and another on a public interface.   The Checkpoing NG firewall has a policy
of allowing IPSec through it (UDP 500, IP 50 and IP 51).

The negotiation between the two devices starts and the ISAKMP and IPSec SA's
are established.   But almost immediately, I get an error message from the
one end that states, "ERR:size (300) differs from size specified in ISAKMP
HDR (40) (null): Unequal_Payload_Lengths".   The connection is then
terminated.

Is it possible that the firewall is modifying the packets as they pass
through?

We're using a pre-shared secret and tested these units in the lab with only
a router between them.

Thanks in advance,

Larry
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: