Site-to-site VPN with Check Point

Discussion in 'Cisco' started by Nick Brandson, Feb 24, 2006.

  1. Dear guru,

    Just wondering if you have tried to build site-to-site from my
    concentrator 3000 with CP fw-1 NGR55.

    We have everything set up as instructed at
    http://www.cisco.com/en/US/products...s_configuration_example09186a0080150fee.shtml

    We have several subnets. The VPN seems to be working when connecting
    from net-1; however, it said "no proposal chosen" when pinging from net-2.
    Both net-1 & net-2 have been defined as encryption domains on both CP &
    concentrator.

    Any ideas will be appreciated.

    Thx
    Nick
    Nick Brandson, Feb 24, 2006
    #1

  2. Nick Brandson

    Guest

    Hello Nick,

    I found this, maybe it gives you a hint:

    Peer Address X.X.X.X Not Found
    This error message normally appears with the corresponding VPN 3000
    Concentrator error message Message: No proposal chosen(14). This is a
    result of the connections being host-to-host. The router configuration
    has the IPsec proposals in an order where the proposal chosen for the
    router matches the access list, but not the peer. The access list has a
    larger network that includes the host that intersects traffic. In order
    to correct this, make the router proposal for this
    concentrator-to-router connection first in line. This allows it to
    match the specific host first.

    20:44:44: IPSEC(validate_proposal_request): proposal part #1,
    (key eng. msg.) dest= 194.70.240.150, src= 198.174.236.6,
    dest_proxy= 10.0.0.76/255.255.255.255/0/0 (type=1),
    src_proxy= 198.174.238.203/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-md5-hmac ,
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
    20:44:44: IPSEC(validate_transform_proposal):
    peer address 198.174.236.6 not found

    Regards,

    H
    , Feb 24, 2006
    #2
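
Added example, not part of either post and not vendor code: a Python sketch that pulls the proxy identities out of the debug lines quoted in reply #2 and compares them with an ordered list of local traffic selectors. The first-match model, the /24 networks and the selector names are assumptions made up for illustration.

```python
import ipaddress
import re

# Debug lines as quoted in reply #2 above.
SAMPLE_DEBUG = """\
20:44:44: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 194.70.240.150, src= 198.174.236.6,
dest_proxy= 10.0.0.76/255.255.255.255/0/0 (type=1),
src_proxy= 198.174.238.203/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
"""

PROXY_RE = re.compile(r"(dest|src)_proxy=\s*([\d.]+)/([\d.]+)/")

def parse_proxies(debug_text):
    """Return {'dest': network, 'src': network} for the proposed proxy identities."""
    found = {}
    for side, addr, mask in PROXY_RE.findall(debug_text):
        found[side] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return found

def classify(dest, src, selectors):
    """Check a proposed proxy pair against ordered (name, dest_net, src_net) entries.

    Simplified model (assumption): the first entry that covers the pair decides.
    """
    for name, sel_dest, sel_src in selectors:
        if (dest, src) == (sel_dest, sel_src):
            return "exact", name
        if dest.subnet_of(sel_dest) and src.subnet_of(sel_src):
            # Host pair swallowed by a larger network entry listed earlier.
            return "subset-only", name
    return "no-match", None

# Constructed selectors: one broad network pair, one host-to-host pair.
BROAD = ("broad", ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("198.174.238.0/24"))
HOST = ("host", ipaddress.ip_network("10.0.0.76/32"), ipaddress.ip_network("198.174.238.203/32"))
BROAD_FIRST = [BROAD, HOST]
HOST_FIRST = [HOST, BROAD]

if __name__ == "__main__":
    p = parse_proxies(SAMPLE_DEBUG)
    for label, order in (("broad first", BROAD_FIRST), ("host first", HOST_FIRST)):
        print(label, classify(p["dest"], p["src"], order))
```

A "subset-only" result flags the ordering that the quoted text says to correct by putting the specific host entry first.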