VPN CP NG FP3 - Nortel Contivity

Status
Not open for further replies.

spam4u2

Technical User
May 1, 2006
1
NL
I was wondering whether anyone could help me with the following. I have found this thread steveave posted a while ago. This is the old thread:

------------------------------------------------------------
My CP NG FP3 initiates the IKE negotiation fine – Checkpoint logs the following error when the Nortel Contivity, at the other end, responds: 'Quick Mode Received Notification from Peer: Invalid ID information'. The 'invalid id information' is also logged in the ike.elg & vpnd.elg with debugging cranked up. I can find no reference to what 'ID' this is referencing.

I have checked all the normal stuff - same subnets for encryption domains, NATing off between the private subnets, same 3DES, MD5 and D-H 2 on both sides (on the objects and the encryption rules), Checkpoint KB, Phoneboy & general web searches.

Any ideas would be greatly appreciated.

steveave

The ‘Invalid ID’ refers to the pre-defined networks of the interoperable network device. Once I added the specific networks (unlike my other interoperable devices) for the Contivity all was well.

------------------------------------------------------

I have tested this (added the peer address in the topology and with the specific ED-network behind it). But the same effect.
Anybody got some more ideas???

Thnx in advance!
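
The fix quoted in the post above concerns the networks each side has defined for the tunnel. As an added example (not part of the thread and not either vendor's code), this Python check compares the ID pair an initiator proposes in Quick Mode with a responder's definitions; it assumes the responder accepts only an exact match, and all addresses and function names are constructed.

```python
import ipaddress

# Constructed sample data (not from the thread): networks defined on the
# responder for this tunnel, as (responder-local, responder-remote) pairs.
RESPONDER_PAIRS = [("10.20.0.0/24", "192.168.10.0/24")]

# ISAKMP notify message the responder returns on a mismatch (RFC 2408, type 18).
REJECT = "INVALID-ID-INFORMATION"


def check_quick_mode_ids(id_ci, id_cr, responder_pairs):
    """Classify a Quick Mode proposal against the responder's definitions.

    id_ci is the network the initiator claims for itself, id_cr the network
    it claims for the responder. Assumption: exact match is required.
    Returns (verdict, hints); hints explain the nearest mismatch.
    """
    ci = ipaddress.ip_network(id_ci)
    cr = ipaddress.ip_network(id_cr)
    hints = []
    for local, remote in responder_pairs:
        loc = ipaddress.ip_network(local)
        rem = ipaddress.ip_network(remote)
        # From the responder's side, IDci must equal its "remote" network
        # and IDcr must equal its "local" network.
        if (ci, cr) == (rem, loc):
            return "accept", []
        for name, got, want in (("IDci", ci, rem), ("IDcr", cr, loc)):
            if got == want:
                continue
            if got.version != want.version:
                hints.append(f"{name} {got} is a different IP version than {want}")
            elif want.subnet_of(got):
                hints.append(f"{name} {got} is a supernet of configured {want}")
            elif got.subnet_of(want):
                hints.append(f"{name} {got} is a subnet of configured {want}")
            else:
                hints.append(f"{name} {got} does not overlap configured {want}")
    return REJECT, hints


if __name__ == "__main__":
    # Constructed proposals: exact match, summarised network, single host.
    for ci in ("192.168.10.0/24", "192.168.0.0/16", "192.168.10.5/32"):
        print(ci, check_quick_mode_ids(ci, "10.20.0.0/24", RESPONDER_PAIRS))
```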
 
hi spam4u2,

Send me your contact so that I can call you and talk about
it. It has happened to me quite a few times too between
NG FP3 and Nortel Contivity so I may be able to help you.

My contact is wirelesspeap at yahoo dot com.

 
This is the same issue about "peer IDs" and "isakmp identities" on Checkpoints.

Is "vendor ID" disabled for the tunnel on the Nortel? "Vendor ID" on the Nortel just means "ISAKMP identity string."

 