Hi,
I seem to be having dramas setting up a site to site VPN between 2 Nokia Checkpoint firewalls running R65. The VPN is across a Private IP network.
I am a newbie to Checkpoint, so it could be/probably is something simple, but I can't for the life of me figure it out.
Summary of what I have done:
* Added Checkpoints into SmartDashboard
* Checked the VPN tick box under Check Point Products under the General Properties of the Check Point Gateways
* Under Topology - Manually defined the network for the VPN Domain
* Then went to VPN Communities and defined a new Site-to-Site meshed VPN, and added the 2 Checkpoints as the Participating Gateways
Other than this, I have not changed anything else.
From the logs, I can see 2 errors:
VPN Feature: IKE
Action: Reject
Encryption Scheme: IKE
Information: encryption failure: no response from peer
VPN Feature: VPN
Action: Drop
Encryption Scheme: IKE
Information: service_id: tunnel_test: encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information
I have looked at the document and it does not help much at all.
I am getting the above logs for both Checkpoints.
The routing should be fine between the Checkpoints. Not sure how to do a trace from the console, but the next hop devices have routes to each other.
Any help is greatly appreciated.
Cheers,
goulin