Checkpoint NG R60 <-> VPN300

Status
Not open for further replies.

FredEg

Technical User
Nov 2, 2006
SE
Hi,

I've been trying to establish a VPN tunnel between my Checkpoint NG and a Checkpoint VPN3000. The tunnel is set up with traditional mode, 3DES, MD5 and shared secret. When I send traffic the following messages appear in Tracker:

Number: 356
Date: 2Nov2006
Time: 12:17:56
Product: VPN-1 Pro/Express
Interface: daemon
Origin:
Type: Log
Action: Key Install
Source:
Destination:
Encryption Scheme: IKE
VPN Peer Gateway:
IKE Initiator Cookie: b3518b2c100f511c
IKE Responder Cookie: ed6d1538e342f08d
Encryption Methods: 3DES + MD5, Pre shared secrets
Community: Gk-GP
Subproduct: VPN
VPN Feature: IKE
Information: IKE: Main Mode completion [UDP].

Then immediately:

Number: 357
Date: 2Nov2006
Time: 12:17:56
Product: VPN-1 Pro/Express
Interface: daemon
Origin:
Type: Log
Action: Key Install
Source:
Destination:
Encryption Scheme: IKE
VPN Peer Gateway:
IKE Phase2 Message ID: e64c1179
Subproduct: VPN
VPN Feature: IKE
Information: IKE: Informational Exchange Received Delete IKE-SA from Peer:
Cookies: 2c8b51b31c510f10-38156ded8df042e3

Then the same messages are repeated endlessly until I do a new download of the policy.

Anybody got a clue what this is about...


 
Fred,

The Checkpoint knowledge base says...


Product: VPN-1 Pro (VPN-1/FW-1)
Version: NG
Last Modified: 11-Apr-2006

Symptoms

VPN tunnel fails to establish.
Key exchange between Check Point gateway to Cisco router starts, but shortly after fails with the error: "IKE:Information Exchanged Received Delete IPSEC-SA from peer".

Cause

The Cisco router does not have an Access List defined, allowing ESP traffic.

Solution

Create an Access List on the Cisco router, allowing ESP to it and from it.

Applies To:

VPN-1/FireWall-1 4.1
VPN-1/FireWall-1 NG
Cisco
IKE

Also try to use 6 characters for your pre-shared keys
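
In the two Tracker entries quoted in the question, the cookies in entry 357 are the initiator and responder cookies of entry 356 with each 32-bit word byte-reversed, so the peer is deleting the IKE SA that had just completed Main Mode. The sketch below is an added example, not code from either poster or from Check Point: it parses the two entries (reduced to the fields it uses) and pairs the install with the delete. The function names and the reduced record layout are assumptions made for illustration.

```python
# The two Tracker records from the question, reduced to the fields used here.
RECORDS = [
    """Number: 356
Time: 12:17:56
IKE Initiator Cookie: b3518b2c100f511c
IKE Responder Cookie: ed6d1538e342f08d
Information: IKE: Main Mode completion [UDP].""",
    """Number: 357
Time: 12:17:56
Information: IKE: Informational Exchange Received Delete IKE-SA from Peer:
Cookies: 2c8b51b31c510f10-38156ded8df042e3""",
]

def parse(record):
    """Turn 'Key: value' lines into a dict, splitting on the first colon only."""
    fields = {}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def swap32(cookie):
    """Reverse the byte order of each 32-bit word of a 16-hex-digit cookie."""
    raw = bytes.fromhex(cookie)
    return b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4)).hex()

def find_flaps(records):
    """Return (install_no, delete_no, time) for SAs the peer deleted in the same second."""
    installed = {}  # (initiator, responder) cookies -> parsed install record
    flaps = []
    for rec in map(parse, records):
        info = rec.get("Information", "")
        if "Main Mode completion" in info:
            key = (rec["IKE Initiator Cookie"], rec["IKE Responder Cookie"])
            installed[key] = rec
        elif "Delete IKE-SA" in info and "Cookies" in rec:
            init, resp = rec["Cookies"].split("-")
            # Entry 357 prints the cookies byte-swapped; try both forms.
            for key in ((init, resp), (swap32(init), swap32(resp))):
                up = installed.pop(key, None)
                if up and up["Time"] == rec["Time"]:
                    flaps.append((up["Number"], rec["Number"], rec["Time"]))
    return flaps

if __name__ == "__main__":
    print(find_flaps(RECORDS))
```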