I try to do a VPN connection between a Nokia IP130 with checkpoint NG FP1 and a SonicWall.
I finished the phase 1 and the phase 2 with ·3DES, SHA1, Pre- shared secret, I use UDP encapsulation, in the group 2 and with 3600 seconds.
The VPN configuration is “Traditional mode to all new security Polices”
I did a Nat rule with source LOCALNET and destination EXTERNALNET, service ANY and the TRANSLATED PACKET ORIGINAL.
The checkpoint log has the follow messages:
ike: quick mode received notification from peer: no proposal chosen (accept action in the rule 4) encryption failure: both endpoints are in VPN domain (drop action in the rule 4) encryption failure: no response from peer. (drop action in the rule 4) encryption failure: Encryption/Descryption Failure
The 4 rule is a simple group with my Local LAN and the Local LAN of the Sonnicwall with Encrypt Action
The sonicwall log has the follow messages:
10/21/2003 16:22:17.528 - IKE Responder: Received Quick Mode Request (Phase 2) - Source: (My LAN)- Destination (Soniwall LAN) - - 10/21/2003 16:22:17.528 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0xd768c47c50fd702f1e5, MsgID: 0x641A9E8A4F) *(HASH, SA, NON, KE, ID, ID) - Source: (My LAN), 500 - Destination: (Soniwall LAN) - - 10/21/2003 16:22:17.608 - IKE Responder: ESP Perfect Forward Secrecy mismatch - Source: (My LAN)- Destination: (Soniwall LAN)- - 10/21/2003 16:22:17.608 - IKE Responder: IPSec proposal does not match (Phase 2) - Source: (My LAN)- Destination: (Soniwall LAN)
Somebody has any suggestion about this? What should I do?
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
