Greetings, all.

We are experiencing a problem with a VPN between our NG AI box running
SPLAT and our VPN-1 Edge X-16 box running 5.0.57x.

To setup the Edge box I did the normal three steps of creating a VPN-1
Edge/Embedded Profile, creating a VPN-1 Edge/Embedded Gateway, then
creating a Site To Site community.  Everything seems to go just fine.  I
am able to connect the Edge box to the Service Center (Software Updates,
Remote Management, Dynamic VPN, Logging & Reporting) but when I attempt
to ping from behind the Edge to behind the NG AI I am getting errors.

On the Edge device I get:
  "Failed to establish VPN Tunnel with xxx.xxx.xxx.xxx: no proposal chosen"
  "Failed to establish VPN Tunnel with yyy.yyy.yyy.yyy: no response from peer" - ~35 seconds after the first message.
  (Where xxx.xxx.xxx.xxx = external IP of NG and yyy.yyy.yyy.yyy = internal IP of the host I am attempting to ping)

On our NG AI device I get:
  "IKE: Main Mode Failed to match proposal: AES-256, SHA1, RSA Signature, Group 2 (1024 bit)"

I have attempted to set the VPN community to AES-256/SHA1 with no luck.

The VPN community is set like this: 3DES/MD5, AES-128/MD5, Group 2.

I've got two sets of rules allowing traffic...

Source               Destination          VPN   Service   Install on

EDGE RULES
============
Local Internal Net   Remote Internal Net  Any   Any       Edge Profile
Remote Internal Net  Local Internal Net   Any   Any       Edge Profile

NG AI RULES
============
Local Internal Net   Remote Internal Net  Any   Any       NG Gateway
Remote Internal Net  Local Internal Net   Any   Any       NG Gateway

I have attempted to downgrade to 4.5.64 on the Edge device, but that
didn't help.  I am running HFA-13 on the SPLAT box.

On the Edge box I don't see any Rules in Security -> Rules.  Should the
rules I placed in SmartDashboard to be installed on the Edge profile
show up here?  Under VPN -> VPN Sites I see a site name of "Enterprise"
but I can't check the properties of it or anything.

I am more than happy to post any logs if anyone wishes to see them.

Any ideas would be greatly appreciated.

Geoff Brisbine | Network Administrator
Direct: 715.287.3225 x190

MI-Assistant - A Division of Fiserv FSC, Inc.
26550 West Mondovi Street | Eleva, WI  54738
Phone: 715.287.4262 | Fax: 715.287.4576
http://www.mi-assistant.com/
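The "no proposal chosen" / "Failed to match proposal" pair in the post is the classic symptom of an IKE phase-1 (Main Mode) negotiation in which nothing the initiator offers is an exact, whole-proposal match for anything the responder's VPN community accepts. The following Python script is an added illustration, not code from the original post or from Check Point: it parses the NG AI log line quoted above, expands a community specification written the way the post writes it ("3DES/MD5, AES-128/MD5, Group 2"), and reports which attributes fail to match. The authentication method for the community is an assumption (the post does not state it), as are the function and field names.

```python
"""
Added example (not from the original post): a small model of IKE phase-1
(Main Mode) proposal matching.

The responder (the NG AI gateway) accepts the transforms configured for its
VPN community; the initiator (the Edge device) offers one or more proposals.
Main Mode only proceeds if an offered proposal matches an accepted one on
every attribute at once; otherwise the responder answers "no proposal
chosen".  The log line and community strings used below are the ones quoted
in the post; the community's authentication method is an ASSUMPTION.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Proposal:
    encryption: str   # e.g. "AES-256", "3DES"
    integrity: str    # e.g. "SHA1", "MD5"
    auth: str         # e.g. "RSA Signature"
    dh_group: int     # Diffie-Hellman group number, e.g. 2


# Matches the NG AI log format quoted in the post, e.g.
# "IKE: Main Mode Failed to match proposal: AES-256, SHA1, RSA Signature, Group 2 (1024 bit)"
LOG_RE = re.compile(
    r"IKE: Main Mode Failed to match proposal: "
    r"(?P<enc>[^,]+), (?P<hash>[^,]+), (?P<auth>[^,]+), Group (?P<group>\d+)"
)


def parse_failed_proposal(log_line: str) -> Proposal:
    """Extract the proposal the peer offered from the gateway's log line."""
    m = LOG_RE.search(log_line)
    if m is None:
        raise ValueError(f"not an IKE proposal-mismatch line: {log_line!r}")
    return Proposal(m["enc"].strip(), m["hash"].strip(),
                    m["auth"].strip(), int(m["group"]))


def parse_community(spec: str, auth: str = "RSA Signature") -> List[Proposal]:
    """Expand "3DES/MD5, AES-128/MD5, Group 2" into the proposals the gateway
    would accept: every ENC/HASH pair combined with every listed DH group.
    `auth` is an assumption; the post does not say how the community authenticates."""
    pairs, groups = [], []
    for item in (s.strip() for s in spec.split(",")):
        if item.upper().startswith("GROUP"):
            groups.append(int(item.split()[1]))
        elif "/" in item:
            enc, integ = (p.strip() for p in item.split("/", 1))
            pairs.append((enc, integ))
        else:
            raise ValueError(f"unrecognised community item: {item!r}")
    if not groups:
        raise ValueError("community spec names no DH group")
    return [Proposal(e, h, auth, g) for e, h in pairs for g in groups]


def find_match(offered: Proposal, accepted: List[Proposal]) -> Optional[Proposal]:
    """IKE needs a whole-proposal match, not attribute-by-attribute agreement."""
    for p in accepted:
        if p == offered:
            return p
    return None


def attribute_mismatches(offered: Proposal, accepted: List[Proposal]) -> Dict[str, str]:
    """Per attribute: the offered value and the accepted values, for every
    attribute whose offered value appears in no accepted proposal."""
    out = {}
    for attr in ("encryption", "integrity", "auth", "dh_group"):
        want = str(getattr(offered, attr))
        have = sorted({str(getattr(p, attr)) for p in accepted})
        if want not in have:
            out[attr] = f"peer offered {want}, community accepts {'/'.join(have)}"
    return out


def diagnose(log_line: str, community_spec: str,
             community_auth: str = "RSA Signature") -> str:
    """One-line verdict for a gateway log line against a community spec."""
    offered = parse_failed_proposal(log_line)
    accepted = parse_community(community_spec, community_auth)
    if find_match(offered, accepted) is not None:
        return "match: the offered proposal is acceptable to this community"
    diffs = attribute_mismatches(offered, accepted)
    if not diffs:
        return ("no proposal chosen; every attribute is accepted somewhere, "
                "but no single accepted proposal combines them")
    return "no proposal chosen; " + "; ".join(f"{k}: {v}" for k, v in diffs.items())


if __name__ == "__main__":
    # Log line and community as quoted in the post.
    log = ("IKE: Main Mode Failed to match proposal: "
           "AES-256, SHA1, RSA Signature, Group 2 (1024 bit)")
    print(diagnose(log, "3DES/MD5, AES-128/MD5, Group 2"))
    # The community the poster says they tried next.
    print(diagnose(log, "AES-256/SHA1, Group 2"))
```

Run against the post's own values, the first call reports that both encryption (AES-256 vs 3DES/AES-128) and integrity (SHA1 vs MD5) are outside the community, which is exactly what "no proposal chosen" means on the wire; the second call shows the AES-256/SHA1 community accepting the offered proposal, so if the tunnel still fails with that setting the cause lies outside the phase-1 transform set and the other negotiation attributes (authentication method, peer identity, policy installation) are where to look next.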
