11-30-2007 06:45 AM - edited 03-03-2019 07:44 PM
Hello,
I am trying to create a VPN between a Cisco Pix and a Checkpoint firewall both in the same external subnet:-
PIX Outside 172.20.30.1/25
Checkpoint Outside 172.20.30.2/25
This fails with:-
crypto_isakmp_process_block:src:172.20.30.1, dest:172.20.30.2 spt:500 dpt:500
ISAKMP: phase 2 packet is a duplicate of a previous packet
I guess this is possible to do, as I am wanting to encrypt traffic from 2 directly connected customers as to protect both Environments.
Any help would be much appreciated.
Kind Regards
Steven
11-30-2007 06:54 AM
If you do a search on Cisco for "checkpoint VPN" you will get some hits. Also make sure the firewall has sysopt permit ipsec.
11-30-2007 07:00 AM
Thank you for the info.
My main questions is should the VPN work with both public interfaces in the same subnet?
Cheers
Steven
11-30-2007 07:03 AM
Sorry, yes you should be able to do that.
11-30-2007 08:52 AM
Hello,
Thank you I have managed to sort the Phase 2 issue:-
crypto map rtprules 10 set security-association lifetime seconds 3600 kilobytes 4608000
Fixed the problem.
Kind Regards
Steven
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide