IPSec phase 2 setup problem Check Point R55 and 1841 router
I'm struggling to get the phase 2 working and the error message seems clear enough
no IPSEC cryptomap exists for local address 184.108.40.206
The only discrepancy that I can find is that the inbound phase 2 proposal has lifedur= 0s and 0kb which I cannot set on the Cisco as the IOS won't take zero values. To muddy the waters further I've found debug outputs on other websites which also have lifedur= 0s and 0kb early in the phase 2 that complete OK!
Also what does type=1 mean below? The web outputs seem to be mostly type=4
Can anyone shed some light on this or see anything I can't?
For info the IOS will be upgraded to the (16) version this weekend...
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(1a),
Aug 22 11:45:11: ISAKMP:(0:2:SW:1):Checking IPSec proposal 1
Aug 22 11:45:11: ISAKMP: transform 1, ESP_3DES
Aug 22 11:45:11: ISAKMP: attributes in transform:
Aug 22 11:45:11: ISAKMP: encaps is 1 (Tunnel)
Aug 22 11:45:11: ISAKMP: SA life type in seconds
Aug 22 11:45:11: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
Aug 22 11:45:11: ISAKMP: SA life type in kilobytes
Aug 22 11:45:11: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
Aug 22 11:45:11: ISAKMP: authenticator is HMAC-MD5
Aug 22 11:45:11: ISAKMP:(0:2:SW:1):atts are acceptable.
Aug 22 11:45:11: IPSEC(validate_proposal_request): proposal part #1,
Re: IPSec phase 2 setup problem Check Point R55 and 1841 router
Testing purposes only. The Check Point parameters seem fine. Even though the phase 2 lifetime is set to 3600 secs (no bytes parameter to be found), the trace on the Cisco still shows lifetime as 0 sec/bytes. Not sure if this is a red herring but the router is requesting the right parameters according to the debugs.
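Added example, not part of the original thread: the "SA life duration (VPI)" lines in the debug output above carry the proposed lifetime as big-endian octets, and this sketch decodes them and compares them with an expected value. The function names are hypothetical, and the sample input is constructed from the four lifetime lines quoted in the first post.

```python
import re

# Constructed sample: the four lifetime lines from the debug output in the thread.
SAMPLE = """\
Aug 22 11:45:11: ISAKMP: SA life type in seconds
Aug 22 11:45:11: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
Aug 22 11:45:11: ISAKMP: SA life type in kilobytes
Aug 22 11:45:11: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
"""

LIFE_TYPE = re.compile(r"ISAKMP:\s+SA life type in (seconds|kilobytes)")
LIFE_VPI = re.compile(r"SA life duration \(VPI\) of ((?:0x[0-9A-Fa-f]+\s*)+)")


def decode_lifetimes(debug_text):
    """Pair each 'life type' line with the VPI duration that follows it."""
    lifetimes = {}
    pending_type = None
    for line in debug_text.splitlines():
        m = LIFE_TYPE.search(line)
        if m:
            pending_type = m.group(1)
            continue
        m = LIFE_VPI.search(line)
        if m:
            if pending_type is None:
                # A duration with no preceding type cannot be interpreted.
                raise ValueError("life duration without life type: " + line)
            # Each token is one octet; the value is a big-endian integer.
            octets = bytes(int(tok, 16) for tok in m.group(1).split())
            lifetimes[pending_type] = int.from_bytes(octets, "big")
            pending_type = None
    return lifetimes


def differences(offered, expected):
    """Return {unit: (offered, expected)} for every unit whose values differ."""
    return {unit: (offered.get(unit), want)
            for unit, want in expected.items() if offered.get(unit) != want}


if __name__ == "__main__":
    offered = decode_lifetimes(SAMPLE)
    print(offered)
    # 3600 s is the phase 2 lifetime the reply says is set on the Check Point.
    print(differences(offered, {"seconds": 3600}))
```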