Cisco Router - NG R55 VPN problem

Unanswered Question
Mar 1st, 2005
User Badges:


I have a problem about VPN connection between Checkpoint R55 and Cisco. Configuring an IPSEC Tunnel between a Cisco Router and NG is documented on Document ID 23784.But in this example, both networks inside gateways are private. Unfortunately, I'm trying to make a VPN from NG DMZ Network- to reel IP network. And when you debug Cisco, source_proxy is, so it is unusable IP in Internet.I see the key exchange from CP to Cisco and from Cisco to CP.

(CP logs are like this: Source:CP Dest:Cisco->IKE: Main Mode completion.Source:Cisco Dest:CP IKE: Quick Mode Received Notification from Peer: no proposal chosen)

And IKE phase 2 is getting unsuccessful. (logs of CP:encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information) What should I do? Should I make anything on Cisco or CP.

please help!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smalkeric Mon, 03/07/2005 - 08:31
User Badges:
  • Silver, 250 points or more

Check your configurations on both sides agaian, from the error message I guess the Transform set is not matching.


This Discussion