IPSEC VPN between Checkpoint & Cisco

Unanswered Question
Dec 12th, 2008

Hi all

I've established a VPN between our Checkpoint FW and a customer's Cisco Router.

Out Checkpoint FW shows no errors in the logs but the customer is reporting that their Cisco router is filling up with the following message:

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.75.x.x

IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address x.x.x.x

We've checked the parameters again and again and can't see anything wrong on either side yet problem persists. Any ideas?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mike_guy29 Fri, 12/12/2008 - 03:27

Hi,

Are you able to post some more info such as the config on either sides (without sensitive info). It would also be useful if you could do a "show crypto isakmp sa" and "show crypto ipsec sa" on the cisco device. May be worth capturing some debugging too.

Is there any NAT going on between the two devices? Or do the external interfaces of both have public IP addresses.

Thanks

Actions

This Discussion