Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Router - NG R55 VPN problem

hello,

I have a problem about VPN connection between Checkpoint R55 and Cisco. Configuring an IPSEC Tunnel between a Cisco Router and NG is documented on Document ID 23784.But in this example, both networks inside gateways are private. Unfortunately, I'm trying to make a VPN from NG DMZ Network-172.16.31.0 to reel IP network. And when you debug Cisco, source_proxy is 172.16.31.2, so it is unusable IP in Internet.I see the key exchange from CP to Cisco and from Cisco to CP.

(CP logs are like this: Source:CP Dest:Cisco->IKE: Main Mode completion.Source:Cisco Dest:CP IKE: Quick Mode Received Notification from Peer: no proposal chosen)

And IKE phase 2 is getting unsuccessful. (logs of CP:encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information) What should I do? Should I make anything on Cisco or CP.

please help!

1 REPLY
Silver

Re: Cisco Router - NG R55 VPN problem

Check your configurations on both sides agaian, from the error message I guess the Transform set is not matching.

470
Views
0
Helpful
1
Replies