GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » IPsec Tunnel
IPsec Tunnel [message #118864] Mon, 26 January 2015 14:10 Go to next message
jaapzee is currently offline  jaapzee
Messages: 2
Registered: January 2015
I'm trying to setup an IPsec tunnel to a third party (not using Kerio). I keep getting "None of the proposed crypto suites was acceptable."

Where can I configure the crypto suites?
Re: IPsec Tunnel [message #118867 is a reply to message #118864] Mon, 26 January 2015 17:49 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
This KB article may help http://kb.kerio.com/1390

Brian Carmichael
Instructional Content Architect
Re: IPsec Tunnel [message #118870 is a reply to message #118867] Mon, 26 January 2015 18:15 Go to previous messageGo to next message
jaapzee is currently offline  jaapzee
Messages: 2
Registered: January 2015
I've read that article. This is the configuration I received from the third party:

Phase 1
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 20
encr aes 256
hash md5
authentication pre-share
group 2
lifetime 3600

Phase 2
esp-aes esp-md5-hmac

As far as I understand this should be supported, we're using preshared key (IKE ciphers displayed in the VPN Server Properties dialog are recommended. However, Kerio Control is able to work with ciphers described in this article). Or, am I wrong.
Re: IPsec Tunnel [message #118931 is a reply to message #118870] Wed, 28 January 2015 16:43 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
I believe it should work, however it may require some investigation into the debug logs. I suggest to contact our technical support team.

Brian Carmichael
Instructional Content Architect
Re: IPsec Tunnel [message #118944 is a reply to message #118864] Thu, 29 January 2015 01:04 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney

Check all checkboxes under IPsec in Debug log messages, retest the tunnel and post the result (Replace your private information if necessary), should be able to see more reasons with the issue.

M.


PTSD. BP. OCD. ASPD. BPD. Certified.
Re: IPsec Tunnel [message #119119 is a reply to message #118944] Thu, 05 February 2015 16:25 Go to previous message
ictandme is currently offline  ictandme
Messages: 370
Registered: August 2009
Location: Netherlands

Hi Jaap,

Did you solve the IPsec connection?
It can be easy one or more difficult depending what brand the other party is.



ICT and Me
Carlo Turk
The Netherlands
www.ictandme.com
Previous Topic: Kerio Content Filter - Rules
Next Topic: ticket system agressiveness
Goto Forum:
  


Current Time: Mon Oct 02 21:34:01 CEST 2023

Total time taken to generate the page: 0.10148 seconds