Site-To-Site VPN Between Nokia Checkpoint R65 Firewalls

Status
Not open for further replies.

goulin1

Technical User
Dec 5, 2006
17
AU
Hi,

I seem to be having dramas setting up a site to site VPN between 2 Nokia Checkpoint firewalls running R65. The VPN is across a Private IP network.

I am a newbie to Checkpoint, so it could be/probably is something simple, but I can't for the life of me figure it out.

Summary of what I have done:
* Added Checkpoints into SmartDashboard
* Checked the VPN tick box under Check Point Products under the General Properties of the Check Point Gateways
* Under Topology - Manually defined the network for the VPN Domain
* Then went to VPN Communities and defined a new Site-to-Site meshed VPN, and added the 2 Checkpoints as the Participating Gateways

Other than this, I have not changed anything else.

From the logs, I can see 2 errors:

VPN Feature: IKE
Action: Reject
Encryption Scheme: IKE
Information: encryption failure: no response from peer

VPN Feature: VPN
Action: Drop
Encryption Scheme: IKE
Information: service_id: tunnel_test: encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information

I have looked at the document and it does not help much at all.

I am getting the above logs for both Checkpoints.

The routing should be fine between the Checkpoints. Not sure how to do a trace from the console, but the next hop devices have routes to each other.

Any help is greatly appreciated.

Cheers,
goulin
 
Hi,

I managed to sort this one out... the issue was that under Global Properties/Firewall - Accept VPN-1 Power/UTM control connections was not selected. Once I selected this, it worked without any dramas.

The annoying thing was that there was no error message to indicate this could be the problem.
 