IPSEC VPN - PIX to Checkpoint MM_NO_STATE

Unanswered Question
Oct 4th, 2007

I'm getting nowhere with this VPN connection.

When monitoring a ping to the remote end I get an IKE SA state of MM_NO_STATE

My ISAKMP debug looks like this...

ISADB: reaper checking SA 0xfaea74, conn_id = 0

ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block:src:Ford, dest:OPIX spt:500 dpt:500

return status is IKMP_NO_ERR_NO_TRANS

ISAKMP (0): deleting SA: src OPIX, dst Ford

ISADB: reaper checking SA 0xfcd824, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for Ford/500 not found - peers:1

Any thoughts?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Collin Clark Fri, 10/05/2007 - 07:56

Search cisco.com for 'ipsec checkpoint' and there are a couple of docs. I have followed them and been able to establish tunnels.

HTH and please rate.

ajagadee Fri, 10/05/2007 - 19:53

Hi,

Based on the output posted, the configuration is incomplete or misconfigured. For example, the line "VPN Peer:ISAKMP: Peer Info for Ford/500 not found - peers:1" says that the pix is not able to find some information related to the checkpoint peer address.

If possible, Can you post the configuration from the Pix and also outputs of "deb cry is" and "deb cry ips" from the pix when you try to bring up the tunnel.

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **

JPeters322 Fri, 10/12/2007 - 11:58

Here is the config and debug output when the tunnel tries to come up.

Thanks for taking a look.

(.Txt attached)

Attachment: 

Actions

This Discussion