cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
707
Views
0
Helpful
1
Replies

IPSEC VPN between Checkpoint & Cisco

martincheung
Level 1
Level 1

Hi all

I've established a VPN between our Checkpoint FW and a customer's Cisco Router.

Out Checkpoint FW shows no errors in the logs but the customer is reporting that their Cisco router is filling up with the following message:

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 195.75.x.x

IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address x.x.x.x

We've checked the parameters again and again and can't see anything wrong on either side yet problem persists. Any ideas?

Thanks

1 Reply 1

mike_guy29
Level 1
Level 1

Hi,

Are you able to post some more info such as the config on either sides (without sensitive info). It would also be useful if you could do a "show crypto isakmp sa" and "show crypto ipsec sa" on the cisco device. May be worth capturing some debugging too.

Is there any NAT going on between the two devices? Or do the external interfaces of both have public IP addresses.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: