I am having a strange problem, and I have tried googling but still have not found any strong answer to overcome the issue.
We have one partner in another country and we are trying to set up a VPN tunnel between us and this partner, using a PIX 515E and a Checkpoint FW NGX on the other side.
I configured the crypto map and ISAKMP and also, with help from lrmoore, did the NATing and ACL. The thing is like this.
Problem: when we initiate the connection, the VPN tunnel comes up and we can access their servers. But when they try to initiate the connection, I see on the PIX that it stops at phase 2 of IPsec.
Question:
For inbound, do we need something extra in the ACL, or does a simple VPN access-list work for both inbound and outbound? Any help would be great, I really need it up.
Please, I need help here. Below is what I see in my debug:
IPSEC(validate_transform_proposal): proxy identities not supported
ISAKMP: IPSec policy invalidated proposal
ISAKMP (0): SA not acceptable!
return status is IKMP_ERR_NO_RETRANS
crypto_isakmp_process_block:src:y.y.y.y, dest:x.x.x.x spt:500 dpt:500
ISAKMP: reserved not zero on payload 8!
ISAKMP: malformed payload
One thing I am sure of is that this is something to do with the Checkpoint box, because we had exactly the same problem. There is one specific option they need to check for that... but I need to get a check on that. In the meantime you can ask them to look out for some trials... don't do anything on the PIX...
This message means the networks defined at both ends don't match. Verify that the network objects that fall under encryption on the CheckPoint box match with whatever access list you've used for encryption on the PIX.
NGX - PIX VPN setup should pretty much follow the basics in this 4.1 - PIX VPN example:
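The check described in the answer above (the networks defined at both ends must match) can be scripted. The following is an added example, not part of the thread or of the linked document: it parses a PIX crypto access-list and classifies each selector the peer offers. The ACL number, all addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a PIX crypto ACL; the addresses are made up, not from the thread.
PIX_CRYPTO_ACL = """\
access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 101 permit ip 10.1.2.0 255.255.255.0 192.168.5.0 255.255.255.0
"""

def parse_crypto_acl(text):
    """Return (local, remote) network pairs from 'permit ip net mask net mask' lines."""
    pairs = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            local = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
            remote = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
            pairs.append((local, remote))
    return pairs

def check_peer_selector(acl_pairs, peer_local, peer_remote):
    """Classify one selector offered by the peer against the crypto ACL.

    'mirror'   : identical to an ACL entry with source and destination swapped
    'overlap'  : covers some of the same addresses but with different boundaries
    'no-match' : shares no traffic with any ACL entry
    """
    p_local = ipaddress.ip_network(peer_local)
    p_remote = ipaddress.ip_network(peer_remote)
    verdict = "no-match"
    for local, remote in acl_pairs:
        if (local, remote) == (p_remote, p_local):
            return "mirror"
        if local.overlaps(p_remote) and remote.overlaps(p_local):
            verdict = "overlap"
    return verdict

if __name__ == "__main__":
    acl = parse_crypto_acl(PIX_CRYPTO_ACL)
    # Constructed peer selectors: (peer's own network, network it expects behind the PIX)
    for sel in [("192.168.5.0/24", "10.1.1.0/24"),
                ("192.168.5.0/24", "10.1.0.0/22"),
                ("172.16.0.0/24", "10.1.1.0/24")]:
        print(sel, "->", check_peer_selector(acl, *sel))
```

An "overlap" result is the case to chase first: both sides describe the same traffic, but with different network boundaries, so the definitions do not match.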