[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Check Point VPN-1 and Watch Guard SOHO VPN




We are trying to establish an IPSec VPN between VPN-1 v4.1 w/sp2 and
WatchGuard SOHO.  We use DES, SHA1 and sharedsecret.

The VPN-1 log says:
IKE Log: Phase 1 cmpletion.  DES/SHA1/Pre shared secrets Negotiation Id:
xxxxx
icmp-type 8 icmp-code 0 encryption failure: no response from peer. scheme:
IKE.

The WatchGuard SOHO log says:

JAN 30 21:51:54 2001  MONITOR  remote gateway (aa.xx.yy.98) dead - force
rekey
JAN 30 21:51:54 2001  IP  previous message duplicated 10 times
JAN 30 21:51:38 2001  IP  Packet discarded from 1.0.0.1 to 204.xx.yy.131 for
port 137
JAN 30 21:51:38 2001  MONITOR  previous message duplicated 1 times
JAN 30 21:50:18 2001  MONITOR  remote gateway (aa.xx.yy.98) dead - force
rekey
JAN 30 21:50:18 2001  IP  previous message duplicated 23 times
JAN 30 21:49:38 2001  IP  Packet discarded from 1.0.0.1 to 204.xx.yy.131 for
port 137
JAN 30 21:49:17 2001  MONITOR  Cannot load responder ipsec preferences!
JAN 30 21:49:17 2001  MONITOR  Unable to get ipsec prefs err=-2
JAN 30 21:49:17 2001  MONITOR  aa.xx.yy.98: Unable to find channel info for
remote(€+á€+:P)

Could someone tell us what am I missing here?!

On VPN-1, Phase 1 is complete, but it has not "reached" Phase 2.  Does it
mean that the VPN-1 has established connectivity with SOHO and waiting for
SOHO to respond?  Or the VPN-1 has not reached SOHO yet.

On the SOHO box, what does "MONITOR  remote gateway (aa.xx.yy.98) dead -
force rekey" mean?  Has it reached the VPN-1 box yet? Or it is rejected by
VPN-1, but I could not see related entry in the log!

Any pointers/input are appreciated.

Thanks,

Ivan






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================