Pix - Netscreen IPSec w/certs interoperability

Fellow bit-bangers, is trying to configure an IPSec tunnel between a Netscreen and a Pix using certificates for authentication a fool's errand? Myself and a colleague have been working this off and on for several days. A tunnel using pre-shared keys comes up just fine, but when using certs issued by his CA, we get obscure errors. When I ping Cisco tech support about it, they reply "not supported". Are they just being obstructive, or do wizards on this list know of technical reasons why this won't work?

tia, jd


That would be a *very* tough interop, I don't think either side will likely help you. You'd need a third party expert in both technologies, of which I don't think there are lots around.

All I can say is initiate from the Cisco to the NetScreen, then use the NetScreen's excellent advanced debugging, it gives a lot of info.

(command line)

undebug all
clear db
debug ike detail
get db st

etc...

It's a tough one, but perhaps not impossible...

-Russ.
