Greetings,
I am currently trying to set up a VPN between my location and a
remote vendor. I have set up the following rules:

MySVR (NATed Address)           Internal: 172.x.y.z   External: 209.x.y.z
MyFW                            209.x.y.2
MyEncryptionDomain (Group)      Net_172 and Net_209

TheirSVR (NATed Address)        Internal: 172.16.x.y  External: 12.x.y.z
TheirFW                         12.x.y.2
TheirEncryptionDomain (Group)   Net_172_16 and Net_12

RuleBase

Source              Dest                Service   Action
MySVR, MyFW         TheirFW, TheirSVR   ICMP      Encrypt
TheirFW, TheirSVR   MySVR, MyFW         ICMP      Encrypt

The encryption scheme I am using on both sides is ISAKMP/OAKLEY, 3DES+MD5
ESP, shared-secret.
I am able to encrypt fine on both ends and the key installs fine, but on the
receiving Firewall end, the keys install fine but I get a drop with the Info
message of:
icmp-type 8 icmp-code 0 encryption failure: Peer used wrong methods
scheme: ISAKMP
Sometimes I get the following message as well:
icmp-type 8 icmp-code 0 encryption failure: no response from peer.
scheme: ISAKMP
I have verified that both MyServer and TheirServer can be accessed from
external sources (telnet to route-server.ip.att.net and traceroute/ping to
both machines successful).
Anyone have any helpful tips or advice, maybe had a similar problem?