11-30-2007 06:45 AM - edited 03-03-2019 07:44 PM
Hello,
I am trying to create a VPN between a Cisco Pix and a Checkpoint firewall both in the same external subnet:-
PIX Outside 172.20.30.1/25
Checkpoint Outside 172.20.30.2/25
This fails with:-
crypto_isakmp_process_block:src:172.20.30.1, dest:172.20.30.2 spt:500 dpt:500
ISAKMP: phase 2 packet is a duplicate of a previous packet
I guess this is possible to do, as I am wanting to encrypt traffic from 2 directly connected customers as to protect both Environments.
Any help would be much appreciated.
Kind Regards
Steven
11-30-2007 06:54 AM
If you do a search on Cisco for "checkpoint VPN" you will get some hits. Also make sure the firewall has sysopt permit ipsec.
11-30-2007 07:00 AM
Thank you for the info.
My main questions is should the VPN work with both public interfaces in the same subnet?
Cheers
Steven
11-30-2007 07:03 AM
Sorry, yes you should be able to do that.
11-30-2007 08:52 AM
Hello,
Thank you I have managed to sort the Phase 2 issue:-
crypto map rtprules 10 set security-association lifetime seconds 3600 kilobytes 4608000
Fixed the problem.
Kind Regards
Steven
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: