Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » IPsec Tunnel
  •  
jaapzee

Messages: 2
Karma: 0
Send a private message to this user
I'm trying to setup an IPsec tunnel to a third party (not using Kerio). I keep getting "None of the proposed crypto suites was acceptable."

Where can I configure the crypto suites?
  •  
Brian Carmichael (Kerio)

Messages: 662
Karma: 66
Send a private message to this user
This KB article may help http://kb.kerio.com/1390

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
jaapzee

Messages: 2
Karma: 0
Send a private message to this user
I've read that article. This is the configuration I received from the third party:

Phase 1
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 20
encr aes 256
hash md5
authentication pre-share
group 2
lifetime 3600

Phase 2
esp-aes esp-md5-hmac

As far as I understand this should be supported, we're using preshared key (IKE ciphers displayed in the VPN Server Properties dialog are recommended. However, Kerio Control is able to work with ciphers described in this article). Or, am I wrong.
  •  
Brian Carmichael (Kerio)

Messages: 662
Karma: 66
Send a private message to this user
I believe it should work, however it may require some investigation into the debug logs. I suggest to contact our technical support team.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
mlee (Kerio)

Messages: 246
Karma: 16
Send a private message to this user

Check all checkboxes under IPsec in Debug log messages, retest the tunnel and post the result (Replace your private information if necessary), should be able to see more reasons with the issue.

M.

PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
ICT and Me

Messages: 935

Karma: 53
Send a private message to this user
Hi Jaap,

Did you solve the IPsec connection?
It can be easy one or more difficult depending what brand the other party is.


ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
Previous Topic: Kerio Content Filter - Rules
Next Topic: ticket system agressiveness
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat May 27 12:10:50 CEST 2017

Total time taken to generate the page: 0.01142 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.