Thread: Problems configuring a VPN between a PIX and Check Point




2007-03-09 11:41:49

Hi folks,

I'm facing a problem regarding a VPN tunnel that can't
establish the second phase of IKE.
I think one problem might be the nat 0: when I ping
from my PIX 535 (not mine actually) :-P to a Check
Point firewall, the traffic (from the Smart Track
point of view) is in plain text and, therefore, is
dropped.
It should've been encrypted, and then, accepted by the
Check Point fw.
Here I have the configuration:

nat (inside) 0 access-list 103
access-list 103 line 1 permit ip host 200.x.x.180 host 200.x.x.225

For the ACL's and crypto's I have:

access-list 131 permit ip host 200.x.x.180 host 200.x.x.225

crypto map mymap 140 ipsec-isakmp
crypto map mymap 140 match address 131
crypto map mymap 140 set pfs
crypto map mymap 140 set peer 200.x.x.240
crypto map mymap 140 set transform-set myset
crypto ipsec transform-set myset esp-3des esp-md5-hmac

*** DEBUG

crypto_isakmp_process_block:src:200.x.x.240, dest:200.x.x.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 8 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: auth pre-share
ISAKMP: default group 2
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80

ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload

ISAKMP (0): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:200.x.x.240, dest:200.x.x.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0

ISAKMP (0): processing NONCE payload. message ID = 0

return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:200.x.x.240, dest:200.x.x.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated

Could somebody help me to figure out what's going on?

Best regards,

Romulo Sousa
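
A triage helper for the debug output in the post above, as an added example that is not part of the original message: it reports how far the IKEv1 exchange got, using the protocol rule that phase 1 messages carry message ID 0 while phase 2 (Quick Mode) messages carry a non-zero one. The function name `triage` and the abridged `SAMPLE` excerpt are this example's own.

```python
import re

# Abridged from the debug in the post above, keeping its e-mail line wrapping.
SAMPLE = """\
crypto_isakmp_process_block:src:200.x.x.240,
dest:200.x.x.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP (0): atts are acceptable. Next payload is 0
crypto_isakmp_process_block:src:200.x.x.240,
dest:200.x.x.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
crypto_isakmp_process_block:src:200.x.x.240,
dest:200.x.x.1 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing ID payload. message ID = 0
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): SA has been authenticated
"""

def triage(debug_text):
    """Summarise how far an IKEv1 negotiation got in a PIX ISAKMP debug."""
    text = " ".join(debug_text.split())  # undo mail-client line wrapping
    ids = [int(m) for m in re.findall(r"message ID = (-?\d+)", text)]
    # IKEv1 phase 1 always uses message ID 0; phase 2 uses a non-zero ID.
    phase2_ids = sorted({i for i in ids if i != 0})
    life = re.search(r"life duration \(VPI\) of ((?:0x[0-9a-fA-F]+ ?)+)", text)
    lifetime = None
    if life:  # the VPI value is printed as big-endian bytes
        lifetime = int.from_bytes(bytes(int(b, 16) for b in life.group(1).split()), "big")
    result = {
        "main_mode_packets": text.count("OAK_MM exchange"),
        "phase1_authenticated": "SA has been authenticated" in text,
        "phase1_lifetime_s": lifetime,
        "phase2_message_ids": phase2_ids,
    }
    if not result["phase1_authenticated"]:
        result["verdict"] = "phase 1 incomplete"
    elif not phase2_ids:
        result["verdict"] = "phase 1 done, no phase 2 exchange in this capture"
    else:
        result["verdict"] = "phase 2 exchange present"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```
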
