I am trying to establish an IPSEC tunnel with a preshared key, 3DES and DH2
ESP between my network and my client's network. I have a Win2k server
acting as an RRAS router, and a Cisco FW/Router. The Cisco is too small to
handle the encryption traffic, so I'm just using it as a port blocker. My
client is using a Cisco PIX concentrator. We've matched up our packet
filters to be copies of each other.
I can get the key pair to be created with packets from my Win2k network to
the Cisco Concentrator on the other end, but when the Cisco on the other end
tries to initiate to me, it generates an "invalid DH group" condition. Both
are configured for DH group 2. Are there ports I need to open on my
firewall to make this work?