
Re: [FW1] Checkpoint - Watchguard VPN





I got the same error messages when I tried the same thing. This error
message occurred for us when there was a mismatch between encryption
domains. After we double-checked (a couple of times) the configuration on
both sides, the problem went away.

/Bjorn Jansson


From:    Andre van der Lans <andrel@kpn.net>
Date:    2000-12-08 15:09
To:      fw-1-mailinglist@lists.us.checkpoint.com@SMTP@Cell
cc:
Subject: [FW1] Checkpoint - Watchguard VPN

Hi,

I've tried to configure a VPN between a Checkpoint Firewall-1 and a
Watchguard, but it won't work.
The Checkpoint firewall is running version 4.1 sp 1 and the Watchguard
is running LSS4.5.

The log messages in the Firewall-1 log monitor showed that the Watchguard
site is not responding to IKE negotiations.
Logging: encryption failure: no response from peer scheme IKE

The following logging came from the watchguard:
28538 12/08/00 14:14:51 iked[87] Adding previous packet at slot 0 (194.151.255.162)
28548 12/08/00 14:14:51 iked[87] Delete SA!
28558 12/08/00 14:14:51 iked[87] ipsec_cancel_acquire: Called as responder
28568 12/08/00 14:14:51 iked[87] ipsec_cancel_acquire: ci_vpn_id does not point to a key_request structure.
28578 12/08/00 14:14:51 iked[87] About to process `sa' payload
28588 12/08/00 14:14:51 iked[87] checking ISA_SA
28598 12/08/00 14:14:51 iked[87] proposal is unacceptable. mess_id=0
28608 12/08/00 14:14:51 iked[87] Error processing (sa)
28618 12/08/00 14:14:51 iked[87] Main Mode processing failed
28628 12/08/00 14:14:53 iked[87] Skipping duplicate packet from 194.151.255.162 cached in slot 0
28648 12/08/00 14:14:55 iked[87] Skipping duplicate packet from 194.151.255.162 cached in slot 0
28658 12/08/00 14:14:57 iked[87] Skipping duplicate packet from 194.151.255.162 cached in slot 0

It looks like there are some problems with the IKE negotiation. Does
anybody have a clue?

Regards, Andre



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
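
Added example, not part of the original thread: a small Python triage of the
Watchguard iked lines quoted above, pulling out the peer address, the point
where the SA proposal was rejected, and how many resent packets were skipped.
The line layout in the regex is an assumption inferred from those quoted
lines only; triage() and its field names are hypothetical.

```python
import re

# iked lines copied from the message above, with wrapped lines rejoined.
SAMPLE_LOG = """\
28538 12/08/00 14:14:51 iked[87] Adding previous packet at slot 0 (194.151.255.162)
28548 12/08/00 14:14:51 iked[87] Delete SA!
28558 12/08/00 14:14:51 iked[87] ipsec_cancel_acquire: Called as responder
28568 12/08/00 14:14:51 iked[87] ipsec_cancel_acquire: ci_vpn_id does not point to a key_request structure.
28578 12/08/00 14:14:51 iked[87] About to process `sa' payload
28588 12/08/00 14:14:51 iked[87] checking ISA_SA
28598 12/08/00 14:14:51 iked[87] proposal is unacceptable. mess_id=0
28608 12/08/00 14:14:51 iked[87] Error processing (sa)
28618 12/08/00 14:14:51 iked[87] Main Mode processing failed
28628 12/08/00 14:14:53 iked[87] Skipping duplicate packet from 194.151.255.162 cached in slot 0
28648 12/08/00 14:14:55 iked[87] Skipping duplicate packet from 194.151.255.162 cached in slot 0
28658 12/08/00 14:14:57 iked[87] Skipping duplicate packet from 194.151.255.162 cached in slot 0
"""

# Assumed layout (from the quoted lines): seq, date, time, iked[pid], text.
LINE = re.compile(r"^(\d+) (\S+) (\S+) iked\[(\d+)\] (.*)$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def triage(text):
    """Summarise a failed IKE exchange as logged by the responder."""
    out = {"peer": None, "phase": None, "reason": None,
           "failed_at": None, "retransmits": 0}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an iked line in the assumed layout
        _seq, date, time, _pid, msg = m.groups()
        ip = IPV4.search(msg)
        if ip and out["peer"] is None:
            out["peer"] = ip.group(0)
        if "proposal is unacceptable" in msg:
            out["reason"] = "SA proposal rejected"
            out["failed_at"] = f"{date} {time}"
            # IKEv1 keeps the ISAKMP Message ID at 0 throughout phase 1.
            if re.search(r"mess_id=0\b", msg):
                out["phase"] = 1
        elif "Main Mode processing failed" in msg:
            out["phase"] = 1  # Main Mode is a phase 1 exchange
        elif msg.startswith("Skipping duplicate packet"):
            out["retransmits"] += 1  # peer resent a packet already cached
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```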