Re: [FW1] Checkpoint - Watchguard VPN

Fri, 08 Dec 2000 06:58:04 -0800 



I have got the same error messages when I tried the same thing, this error
message occurred for us when there where a mismatch between encryption
domains. After we double checked (a couple of times) the configuration on
both sides the problem went away.

/Bjorn Jansson


                                                                                       
                            
                    Andre van der                                                      
                            
                    Lans                 To:     
[EMAIL PROTECTED]@SMTP@Cell                
                    <[EMAIL PROTECTED]        cc:                                           
                            
                    et>                  Subject:     [FW1] Checkpoint - Watchguard 
VPN                            
                                                                                       
                            
                    2000-12-08                                                         
                            
                    15:09                                                              
                            
                                                                                       
                            
                                                                                       
                            




Hi,

I''ve tried to configure a VPN between a Checkpoint Firewall-1 and a
watchguard, but it won't work.
The checkpoint firewall is running on version 4.1 sp 1 and the watchguard
is running LSS4.5.

The log messages in the firewall-1 logmonitor showed that the watchguard
site is not responding
on IKE negotiations.
Logging: encryption failure: no response from peer scheme IKE

The following logging came from the watchguard:
28538 12/08/00 14:14:51 iked[87] Adding previous packet at slot 0
(194.151.255.162)
28548 12/08/00 14:14:51 iked[87] Delete SA!
28558 12/08/00 14:14:51 iked[87] ipsec_cancel_acquire: Called as responder
28568 12/08/00 14:14:51 iked[87] ipsec_cancel_acquire: ci_vpn_id does not
point to a key_request structure.
28578 12/08/00 14:14:51 iked[87] About to process `sa' payload
28588 12/08/00 14:14:51 iked[87] checking ISA_SA
28598 12/08/00 14:14:51 iked[87] proposal is unacceptable. mess_id=0
28608 12/08/00 14:14:51 iked[87] Error processing (sa)
28618 12/08/00 14:14:51 iked[87] Main Mode processing failed
28628 12/08/00 14:14:53 iked[87] Skipping duplicate packet from
194.151.255.162 cached in slot 0
28648 12/08/00 14:14:55 iked[87] Skipping duplicate packet from
194.151.255.162 cached in slot 0
28658 12/08/00 14:14:57 iked[87] Skipping duplicate packet from
194.151.255.162 cached in slot 0

Looks like that there are some problems with the IKE negotiation, does
anybody has a clue?

Regards, Andre



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to