IPSEC VPN - PIX to Checkpoint MM_NO_STATE

Unanswered Question
Oct 4th, 2007

I'm getting nowhere with this VPN connection.


When monitoring a ping to the remote end, I get an IKE SA state of MM_NO_STATE.


My ISAKMP debug looks like this...


ISADB: reaper checking SA 0xfaea74, conn_id = 0

ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block:src:Ford, dest:OPIX spt:500 dpt:500

return status is IKMP_NO_ERR_NO_TRANS

ISAKMP (0): deleting SA: src OPIX, dst Ford

ISADB: reaper checking SA 0xfcd824, conn_id = 0 DELETE IT!


VPN Peer:ISAKMP: Peer Info for Ford/500 not found - peers:1


Any thoughts?

Overall Rating: 5 (1 ratings)
Collin Clark Fri, 10/05/2007 - 07:56

Search cisco.com for 'ipsec checkpoint' and there are a couple of docs. I have followed them and been able to establish tunnels.


HTH and please rate.

ajagadee Fri, 10/05/2007 - 19:53
User Badges: Cisco Employee

Hi,


Based on the output posted, the configuration is incomplete or misconfigured. For example, the line "VPN Peer:ISAKMP: Peer Info for Ford/500 not found - peers:1" says that the PIX is not able to find some information related to the Checkpoint peer address.


If possible, can you post the configuration from the PIX and also the outputs of "deb cry is" and "deb cry ips" from the PIX when you try to bring up the tunnel?


I hope it helps.


Regards,

Arul


** Please rate all helpful posts **

JPeters322 Fri, 10/12/2007 - 11:58

Here is the config and debug output when the tunnel tries to come up.


Thanks for taking a look.


(.Txt attached)


