[danzaka]

has anyone encouter souch a thing when the edge cannot install policy becuase its to BIG ??? ( i have 740 rules and 200 nat`s )
the vpn tunnles wont work due "no proposle chosen"" , as you can see i tried the clock adjustment with no good .

i am on R55 HFA20 ,the VPN-1 is version 7.0.48 ( it had the same problem at version 6 so i tried to update the firmware... no luck there ... )
Lib files are updated ...

here is the log from the edge :

00010 19Sep2007 16:47:48 Failed to install updated security policy
00009 19Sep2007 16:47:48 Error: File size too big or wrong format (size = 429585, maxSize =409599)
00008 19Sep2007 16:47:34 Failed to establish VPN Tunnel with 1.1.11.1: no proposal chosen
00007 19Sep2007 16:47:31 The clock was adjusted from 19Sep2007 16:58:39 to 19Sep2007 16:47:31


Here is the log from the tracker :

Number: 124377
Date: 19Sep2007
Time: 1:32:12
Product: VPN-1 & FireWall-1
Interface: eth0
Origin: FW-Dallas (1.1.1.2)
Type: Log
Action: Accept
Protocol: udp
Service: ISAKMP (500)
Source: 1-1-1-5.static.twtelecom.net (1.1.1.5)
Destination: FW-Dallas (1.1.1.2)
Rule: 0 - Implied Rules
Source Port: ISAKMP (500)
Information: message_info: Implied rule

Number: 124401
Date: 19Sep2007
Time: 1:32:13
Product: VPN-1 & FireWall-1
Interface: daemon
Origin: FW-Dallas (1.1.1.2)
Type: Log
Action: Reject
Reject Reason: IKE failure
Source: 1-1-1-5.static.twtelecom.net (1.1.1.5)
Destination: FW-Dallas (1.11.1.2)
Encryption Scheme: IKE
VPN Peer Gateway: 1-1-1-5.static.twtelecom.net (1.1.1.5)
Information: IKE: Main Mode Missing IKE configuration for peer (authentication or encryption or hash)