Cisco Router - NG R55 VPN problem

Unanswered Question
Mar 1st, 2005

hello,

I have a problem about VPN connection between Checkpoint R55 and Cisco. Configuring an IPSEC Tunnel between a Cisco Router and NG is documented on Document ID 23784.But in this example, both networks inside gateways are private. Unfortunately, I'm trying to make a VPN from NG DMZ Network-172.16.31.0 to reel IP network. And when you debug Cisco, source_proxy is 172.16.31.2, so it is unusable IP in Internet.I see the key exchange from CP to Cisco and from Cisco to CP.

(CP logs are like this: Source:CP Dest:Cisco->IKE: Main Mode completion.Source:Cisco Dest:CP IKE: Quick Mode Received Notification from Peer: no proposal chosen)

And IKE phase 2 is getting unsuccessful. (logs of CP:encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information) What should I do? Should I make anything on Cisco or CP.

please help!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
smalkeric Mon, 03/07/2005 - 08:31

Check your configurations on both sides agaian, from the error message I guess the Transform set is not matching.

Actions

Login or Register to take actions

This Discussion

Posted March 1, 2005 at 5:24 AM
Stats:
Replies:1 Avg. Rating:
Views:425 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard