GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » IPsec Tunnel
IPsec Tunnel [message #118864] Mon, 26 January 2015 14:10 Go to next message
jaapzee is currently offline  jaapzee
Messages: 2
Registered: January 2015
I'm trying to setup an IPsec tunnel to a third party (not using Kerio). I keep getting "None of the proposed crypto suites was acceptable."

Where can I configure the crypto suites?

Report message to a moderator

Re: IPsec Tunnel [message #118867 is a reply to message #118864] Mon, 26 January 2015 17:49 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
This KB article may help http://kb.kerio.com/1390

Brian Carmichael
Instructional Content Architect

Report message to a moderator

Re: IPsec Tunnel [message #118870 is a reply to message #118867] Mon, 26 January 2015 18:15 Go to previous messageGo to next message
jaapzee is currently offline  jaapzee
Messages: 2
Registered: January 2015
I've read that article. This is the configuration I received from the third party:

Phase 1
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 20
encr aes 256
hash md5
authentication pre-share
group 2
lifetime 3600

Phase 2
esp-aes esp-md5-hmac

As far as I understand this should be supported, we're using preshared key (IKE ciphers displayed in the VPN Server Properties dialog are recommended. However, Kerio Control is able to work with ciphers described in this article). Or, am I wrong.

Report message to a moderator

Re: IPsec Tunnel [message #118931 is a reply to message #118870] Wed, 28 January 2015 16:43 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
I believe it should work, however it may require some investigation into the debug logs. I suggest to contact our technical support team.

Brian Carmichael
Instructional Content Architect

Report message to a moderator

Re: IPsec Tunnel [message #118944 is a reply to message #118864] Thu, 29 January 2015 01:04 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney

Check all checkboxes under IPsec in Debug log messages, retest the tunnel and post the result (Replace your private information if necessary), should be able to see more reasons with the issue.

M.

PTSD. BP. OCD. ASPD. BPD. Certified.

Report message to a moderator

Re: IPsec Tunnel [message #119119 is a reply to message #118944] Thu, 05 February 2015 16:25 Go to previous message
ictandme is currently offline  ictandme
Messages: 370
Registered: August 2009
Location: Netherlands
Hi Jaap,

Did you solve the IPsec connection?
It can be easy one or more difficult depending what brand the other party is.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.com

Report message to a moderator

Previous Topic: Kerio Content Filter - Rules
Next Topic: ticket system agressiveness
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Wed Mar 22 11:26:19 CET 2023

Total time taken to generate the page: 0.01667 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software