Site-to-site VPN with Check Point
Just wondering if you have tried to build site-to-site from my
concentrator 3000 with CP fw-1 NGR55.
We have everything set up as per instructed
We have several subnets, the VPN seems working when connecting from
net-1, however, it said "no proposal chosen" from ping from net-2.
Both net-1 & net-2 have been defined as encryption domain on both CP &
Any ideas will be appreciated.
Re: Site-to-site VPN with Check Point
I found this, maybe it gives you a hint:
Peer Address X.X.X.X Not Found
This error message normally appears with the corresponding VPN 3000
Concentrator error message Message: No proposal chosen(14). This is a
result of the connections being host-to-host. The router configuration
has the IPsec proposals in an order where the proposal chosen for the
router matches the access list, but not the peer. The access list has a
larger network that includes the host that intersects traffic. In order
to correct this, make the router proposal for this
concentrator-to-router connection first in line. This allows it to
match the specific host first.
20:44:44: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 22.214.171.124, src= 126.96.36.199,
dest_proxy= 10.0.0.76/255.255.255.255/0/0 (type=1),
src_proxy= 188.8.131.52/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
peer address 184.108.40.206 not found
|All times are GMT. The time now is 04:44 PM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.