
Checkpoint VPN to Cisco ASA

jason.scott
Level 1

Hi all,

We have some working tunnels between a Checkpoint box and a Cisco ASA. However, despite this, we are still seeing lots of errors for:

Rejecting Ipsec Tunnel: no matching crypto map

QM FSM error

Removing peer from correlator table failed, no match!

These all show a source address of the Checkpoint peer. This is despite phase 1 and phase 2 being established already and communication occurring properly.

Is there something that the Checkpoint unit does (tunnel check traffic for example) that is causing these errors?

4 Replies

dsweeny
Level 3

This sample configuration demonstrates how to form an IPSec tunnel with pre-shared keys to join two private networks. In our example, the joined networks are the 192.168.1.X private network inside the Cisco Secure Pix Firewall (PIX) and the 10.32.50.X private network inside the Checkpoint. It is assumed that traffic from inside the PIX and inside the Checkpoint 4.1 Firewall to the Internet (represented here by the 172.18.124.X networks) flows prior to beginning this configuration.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008009420f.shtml

Thank you. The tunnels were coming up; however, the Checkpoint box kept trying to build another IPsec session inside the tunnel. This is because the Checkpoint box was configured to send tunnel test packets. Adding in an ACL for interesting traffic to permit the Checkpoint peer to Cisco peer allows this IPsec session to be created, and the messages have stopped.

Presumably the Checkpoint box could be configured to not send these packets as well.
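One way to check from the ASA logs whether rejected phase 2 requests are the peer-to-peer kind described in the reply above, rather than a mismatch on the real protected networks (an added example, not part of the original thread). The syslog layout and message IDs are assumptions to verify against your own logs, and the sample lines and addresses are constructed.

```python
import ipaddress
import re

# Assumed layout of the ASA "no matching crypto map" syslog line; check it against real logs.
REJECT = re.compile(
    r"IP = (?P<peer>[\d.]+), Rejecting IPSec tunnel: no matching crypto map entry "
    r"for remote proxy (?P<rnet>[\d.]+)/(?P<rmask>[\d.]+)/\d+/\d+ "
    r"local proxy (?P<lnet>[\d.]+)/(?P<lmask>[\d.]+)/\d+/\d+"
)

# Constructed sample lines using documentation addresses (not taken from the thread).
SAMPLE_LOG = """\
%ASA-3-713061: Group = 203.0.113.10, IP = 203.0.113.10, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 203.0.113.10/255.255.255.255/0/0 local proxy 198.51.100.1/255.255.255.255/0/0 on interface outside
%ASA-3-713902: Group = 203.0.113.10, IP = 203.0.113.10, QM FSM error (P2 struct &0x1234, mess id 0x5678)!
%ASA-3-713902: Group = 203.0.113.10, IP = 203.0.113.10, Removing peer from correlator table failed, no match!
%ASA-3-713061: Group = 203.0.113.10, IP = 203.0.113.10, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 10.32.60.0/255.255.255.0/0/0 local proxy 192.168.1.0/255.255.255.0/0/0 on interface outside
"""


def classify_rejections(log_text, local_peer):
    """Split rejected phase 2 proposals into peer-to-peer and other selector mismatches."""
    local_peer = ipaddress.ip_address(local_peer)
    result = {"peer_to_peer": [], "other": []}
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # QM FSM / correlator lines carry no proxy identities
        remote = ipaddress.ip_network(f"{m['rnet']}/{m['rmask']}", strict=False)
        local = ipaddress.ip_network(f"{m['lnet']}/{m['lmask']}", strict=False)
        # Peer-to-peer: both selectors are single hosts equal to the two gateway addresses.
        is_p2p = (
            remote.prefixlen == 32 and local.prefixlen == 32
            and remote.network_address == ipaddress.ip_address(m["peer"])
            and local.network_address == local_peer
        )
        result["peer_to_peer" if is_p2p else "other"].append((str(remote), str(local)))
    return result


if __name__ == "__main__":
    for kind, pairs in classify_rejections(SAMPLE_LOG, "198.51.100.1").items():
        print(kind, pairs)
```

Entries under `other` point to a selector mismatch on the protected networks, which the peer-to-peer ACL entry would not address.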

Could you provide some more detail on this fix? I am having the same problem between a Checkpoint and our new ASA. Tunnel works but I get errors and users do experience some session issues to a server.

As this post is almost 4 years old, this is just a shot in the dark.

The interesting ACL for your solution was what? ESP, IP?
