Site to Site VPN with IOS to Checkpoint - I'm lost
I need to setup a site 2 site IKE VPN-tunnel, the configuration kinda speaks for itself, but in short the idea is to only use the secondairy DSL interface for a dedicated IPSec tunnel to a remote location.
When the tunnel is being initiated, it fails on Phase1:
The awkward thing is:
ISAKMP: reserved not zero on ID payload!
%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 188.8.131.52 failed its sanity check or is malformed
Would indicate a mismatch in the preshared key (or does it?!). I tripple checked that....
Kinda lost now, any thinking along and/or help appreciated!
Re: Site to Site VPN with IOS to Checkpoint - I'm lost
It'll probably won't be earlier than this friday than I can give it a try, but I will and report/rate back ;-)
I'm not sure why using the no-xauth would make a difference though...
(Optional) Use this keyword if router-to-router IPSec is on the same crypto map as a Virtual Private Network (VPN)-client-to-Cisco-IOS IPSec. This keyword prevents the router from prompting the peer for extended authentication (Xauth) information (username and password). "
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...