Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco PIX 520 5.1(2) IKE VPN session to CheckPoint FW-1 4.1 sp5

A mind-numbing question, I basically can't get the two to connect...any help is appreciated!

I can initiate the IKE session between the boxes accross the 'net. I get a "Proposal not chosen: <phase 1 stage 2>" on the CheckPoint, and the PIX gives this for a dump:

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

OAK_MM exchange

ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy

ISAKMP: encryption DES-CBC

ISAKMP: hash SHA

ISAKMP: auth pre-share

ISAKMP: default group 2

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x9 0x3a 0x80

ISAKMP (0): atts are not acceptable. Next payload is 3

ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy

ISAKMP: encryption DES-CBC

ISAKMP: hash SHA

ISAKMP: auth pre-share

ISAKMP: default group 1

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x9 0x3a 0x80

ISAKMP (0): atts are acceptable. Next payload is 0

ISAKMP (0): processing vendor id payload

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

return status is IKMP_NO_ERROR

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

ISAKMP (0): retransmitting phase 1...

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

crypto_isakmp_process_block: src x.x.x.5, dest y.y.y.149

return status is IKMP_NO_ERR_NO_TRANS

ISAKMP (0): retransmitting phase 1...

ISADB: reaper checking SA 0x811bcb30, conn_id = 0

ISAKMP (0): deleting SA

ISADB: reaper checking SA 0x811bcb30, conn_id = 0 DELETE IT!

1 REPLY
Silver

Re: Cisco PIX 520 5.1(2) IKE VPN session to CheckPoint FW-1 4.1

This config might be what you need: http://www.cisco.com/warp/public/110/cp-p.html

Hope this helps!

132
Views
0
Helpful
1
Replies
CreatePlease to create content