Problems With PIX to Checkpoint IPSEC VPN

Unanswered Question
Oct 4th, 2007

I'm getting nowhere with this VPN connection.

When monitoring a ping to the remote end I get an IKE SA state of MM_NO_STATE

My ISAKMP debug looks like this...

ISADB: reaper checking SA 0xfaea74, conn_id = 0

ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3

ISAKMP (0): beginning Main Mode exchange

crypto_isakmp_process_block:src:Ford, dest:OPIX spt:500 dpt:500

return status is IKMP_NO_ERR_NO_TRANS

ISAKMP (0): deleting SA: src OPIX, dst Ford

ISADB: reaper checking SA 0xfcd824, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for Ford/500 not found - peers:1

Any thoughts?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Thu, 10/11/2007 - 06:20

IKMP_NO_ERR_NO_TRANS just means that there are no errors but it is still not getting the encrypted traffic through. Clear the security association on both sides using clear crypto isa, clear crypto sa command and try re-establishing the connection.


This Discussion