Hello all,
I'm trying to establish a VPN between a CP FW-1 v4.1
firewall and a Gauntlet v5.0 firewall. I've read the
document at:
http://www.phoneboy.com/fw1/docs/checkpoint_gvpn1.pdf
and tried to follow it, but am still not having any luck.
The most verbose error messages are from Gauntlet and are
below (cleaned), there is a constant stream of these
messages when the two firewalls are trying to negotiate.
I'm sure the error has something to do with the two lines
that say "No preffile for..." and "Preferences mismatch" but
I can't see what doesn't match and don't _really_ know what
those two things mean.
As a brief description of the settings according to this
file,
authI=pre IKE authentication: preshared secret
encrI=TripleDES IKE encryption: 3DES
encrII=TripleDES IPSec encryption: 3DES
authII=HMAC MD5 IPSec data integrity: MD5
pfs=off Perfect Forward Secrecy: off
And that's about all I know.
Has anyone seen this before when setting up a VPN between
these two?
More importantly, has anyone successfully done this? If so,
what am I missing?
Any hints would be greatly appreciated.
Thanks.
--andy
--
Andrew Caird Advance Product Development
[EMAIL PROTECTED] 313.436.8182 x108 www.advance-inc.com
Gauntlet ikmpd output
---------------------
Dec 29 14:59:10 my.firewall.com ikmpd:
Dec 29 14:59:10 my.firewall.com ikmpd: caught 216.127.x.y [d6e6c4cf:39025353]
Dec 29 14:59:10 my.firewall.com ikmpd: QM *hash nbytes=156
Dec 29 14:59:10 my.firewall.com ikmpd: Processing a hash payload
Dec 29 14:59:10 my.firewall.com ikmpd: Processing a id payload
Dec 29 14:59:10 my.firewall.com last message repeated 1 time
Dec 29 14:59:10 my.firewall.com ikmpd: status 216.127.x.y [d6e6c4cf:39025353]
Dec 29 14:59:10 my.firewall.com ikmpd: Anonymous remote attempting inside
connection
Dec 29 14:59:10 my.firewall.com ikmpd: local 192.168.0.0:255.255.255.0
Dec 29 14:59:10 my.firewall.com ikmpd: remote 216.127.x.y:255.255.255.255
Dec 29 14:59:10 my.firewall.com ikmpd: No preffile for me 192.168.0.0:255.255.255.0
him 216.127.x.y:255.255.255.255
Dec 29 14:59:10 my.firewall.com ikmpd: Preference mismatch - best guess prefs:
Dec 29 14:59:10 my.firewall.com ikmpd: link name=dbn-troy
Dec 29 14:59:10 my.firewall.com ikmpd: gateway=216.127.x.y
Dec 29 14:59:10 my.firewall.com ikmpd: local address=192.168.0.0:255.255.255.0
Dec 29 14:59:10 my.firewall.com ikmpd: remote address=10.33.0.0:255.255.248.0
Dec 29 14:59:10 my.firewall.com ikmpd: hash=MD5
Dec 29 14:59:10 my.firewall.com ikmpd: authI=pre
Dec 29 14:59:10 my.firewall.com ikmpd: encrI=TripleDES
Dec 29 14:59:10 my.firewall.com ikmpd: encrII=TripleDES
Dec 29 14:59:10 my.firewall.com ikmpd: authII=HMAC MD5
Dec 29 14:59:10 my.firewall.com ikmpd: pfs=Off
Dec 29 14:59:10 my.firewall.com ikmpd: rkey=Off
Dec 29 14:59:10 my.firewall.com ikmpd: encaps=Tunnel
Dec 29 14:59:10 my.firewall.com ikmpd: Trusted Using Preshared Secret
Dec 29 14:59:10 my.firewall.com ikmpd: status 216.127.x.y [d6e6c4cf:39025345]
Dec 29 14:59:10 my.firewall.com ikmpd: Error processing payload
Dec 29 14:59:10 my.firewall.com ikmpd: local 192.168.0.0:255.255.255.0
Dec 29 14:59:10 my.firewall.com ikmpd: remote 216.127.x.y:255.255.255.255
Dec 29 14:59:10 my.firewall.com ikmpd: GenericError processing id payload
Dec 29 14:59:10 my.firewall.com ikmpd: status 216.127.x.y [d6e6c4cf:39025345]
Dec 29 14:59:10 my.firewall.com ikmpd: Aborting QM connection attempt
Dec 29 14:59:10 my.firewall.com ikmpd: local 192.168.0.0:255.255.255.0
Dec 29 14:59:10 my.firewall.com ikmpd: remote 216.127.x.y:255.255.255.255
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
