Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

PIX 515E and Checkpoint NGX

does any one has any experience in setting up a case like this, we are suppose to establish VPN Tunnel, also natting before the Tunnel and both sides will be initiating the Tunnel. Any help would be great, but i have set it up but having problem when the other side initiate the VPN Tunnel. In debug I see this message

IPSEC(validate_transform_proposal): proxy identities not supported

ISAKMP: IPSec policy invalidated proposal

ISAKMP (0): SA not acceptable!

return status is IKMP_ERR_NO_RETRANS

crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500

ISAKMP: reserved not zero on payload 8!

ISAKMP: malformed payload

if we initiate the connection it work well and i can access the other party LAN server behind checkpoint


Re: PIX 515E and Checkpoint NGX

This is a bug in checkpoint NGX R60 and R61. You will have to edit the kernel will have to add a line to the fwkern.conf of the checkpoint gateway.

fw_ike_reroute 1

Just get the command verified once again. its been a long time since i used it.

--Pls rate if it helps--

CreatePlease to create content