03-21-2007 10:02 AM
Hi all,
We have some working tunnels between a Checkpoint box and a Cisco ASA. However, despite this, we are still seeing lots of errors for:
Rejecting Ipsec Tunnel: no matching crypto map
QM FSM error
Removing peer from correlator table failed, no match!
These all show a source address of the Checkpoint peer. This is despite phase 1 and phase 2 being established already and communication occurring properly.
Is there something that the Checkpoint unit does (tunnel check traffic for example) that is causing these errors?
03-30-2007 06:42 AM
This sample configuration demonstrates how to form an IPSec tunnel with pre-shared keys to join two private networks. In our example, the joined networks are the 192.168.1.X private network inside the Cisco Secure Pix Firewall (PIX) and the 10.32.50.X private network inside the Checkpoint. It is assumed that traffic from inside the PIX and inside the Checkpoint 4.1 Firewall to the Internet (represented here by the 172.18.124.X networks) flows prior to beginning this configuration.
03-30-2007 07:45 AM
Thank you. The tunnels were coming up; however, the Checkpoint box kept trying to build another IPsec session inside the tunnel. This is because the Checkpoint box was configured to send tunnel test packets. Adding in an ACL for interesting traffic to permit the Checkpoint peer to Cisco peer allows this IPsec session to be created and the messages have stopped.
Presumably the Checkpoint box could be configured to not send these packets as well.
02-05-2008 08:12 AM
Could you provide some more detail on this fix? I am having the same problem between a Checkpoint and our new ASA. The tunnel works but I get errors and users do experience some session issues to a server.
10-06-2010 10:34 AM
As this post is almost 4 years old, this is just a shot in the dark.
The interesting ACL for your solution was what? ESP, IP