Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
840
Views
0
Helpful
1
Replies

Cisco Router - NG R55 VPN problem

moschino
Level 1
Level 1

‎03-01-2005 05:24 AM

hello,

I have a problem about VPN connection between Checkpoint R55 and Cisco. Configuring an IPSEC Tunnel between a Cisco Router and NG is documented on Document ID 23784.But in this example, both networks inside gateways are private. Unfortunately, I'm trying to make a VPN from NG DMZ Network-172.16.31.0 to reel IP network. And when you debug Cisco, source_proxy is 172.16.31.2, so it is unusable IP in Internet.I see the key exchange from CP to Cisco and from Cisco to CP.

(CP logs are like this: Source:CP Dest:Cisco->IKE: Main Mode completion.Source:Cisco Dest:CP IKE: Quick Mode Received Notification from Peer: no proposal chosen)

And IKE phase 2 is getting unsuccessful. (logs of CP:encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information) What should I do? Should I make anything on Cisco or CP.

please help!

Labels:
0 Helpful
1 Reply 1

smalkeric
Level 6
Level 6

‎03-07-2005 08:31 AM

Check your configurations on both sides agaian, from the error message I guess the Transform set is not matching.

0 Helpful
Customers Also Viewed These Support Documents