Cisco PIX VPN site-to-site same Public Subnet

Unanswered Question
Nov 30th, 2007


I am trying to create a VPN between a Cisco PIX and a Checkpoint firewall, both in the same external subnet:-

PIX Outside

Checkpoint Outside

This fails with:-

crypto_isakmp_process_block:src:, dest: spt:500 dpt:500

ISAKMP: phase 2 packet is a duplicate of a previous packet

I guess this is possible to do, as I am wanting to encrypt traffic from 2 directly connected customers so as to protect both environments.

Any help would be much appreciated.

Kind Regards


Collin Clark Fri, 11/30/2007 - 06:54

If you do a search on Cisco for "checkpoint VPN" you will get some hits. Also make sure the firewall has sysopt permit ipsec.

sadcock123 Fri, 11/30/2007 - 07:00

Thank you for the info.

My main question is: should the VPN work with both public interfaces in the same subnet?



sadcock123 Fri, 11/30/2007 - 08:52


Thank you, I have managed to sort the Phase 2 issue:-

crypto map rtprules 10 set security-association lifetime seconds 3600 kilobytes 4608000

Fixed the problem.

Kind Regards


