Author Topic: IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2  (Read 2722 times)

Jannus
IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2
« on: March 16, 2010, 09:08:36 am »
Hi there,

We're trying to set up an IPSEC tunnel between a Pfsense box and a Checkpoint firewall.

On both sides the settings are the same for phase 1 and 2 (3des, MD5).

Still the tunnel does not go online.

Pfsense is showing the following error.
-----------------------------------------------------------------------------------------------------------------
Mar 16 14:58:29 racoon: [Datacenter_naar_****_Ipsec]: INFO: initiate new phase 1 negotiation: 217.67.249.2[500]<=>213.208.214.108[500]
Mar 16 14:58:29 racoon: [Datacenter_naar_****_Ipsec]: INFO: IPsec-SA request for 213.208.214.108 queued due to no phase1 found.
Mar 16 14:54:53 racoon: ERROR: phase1 negotiation failed due to time up. 2ff1ca70a3d00591:0000000000000000
Mar 16 14:54:34 racoon: INFO: delete phase 2 handler.
Mar 16 14:54:34 racoon: [Datacenter_naar_*****_Ipsec]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 213.208.214.108[0]->217.67.249.2[0]
Mar 16 14:54:03 racoon: INFO: begin Identity Protection mode.
-----------------------------------------------------------------------------------------------------------------

Nokia is coming up with this error.

IKE: Main Mode no common authentication methods between myself and peer (PFsense)
---------------------------------------------------------------------------------------------------------------

Is there anyone who has successfully set up an IPSEC connection between Pfsense and Checkpoint?


Thanks in advance!

Jannus
Re: IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2
« Reply #1 on: March 16, 2010, 10:24:38 am »
Okay,

Changed all the settings to des, sha1.

Checkpoint is giving the following error in the logs.

IKE: Main Mode Failed to match proposal: Transform: 3DES, MD5, Pre-shared secret, Group2 (1024 bit) Reason: Wrong value for: Encryption Algorithm

Pfsense still gives the same error.

Does anyone have a solution?
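
Added example, not part of the thread or of either product: a short Python triage of the two log lines quoted in the posts above. It reads the racoon cookie pair to tell whether the peer ever replied, and splits the Check Point transform into attributes to compare against a local proposal; `LOCAL_PHASE1` (DES, SHA1, as described in Reply #1) and all function names are assumptions.

```python
import re

# Log lines copied from the posts above (racoon on pfSense, IKE log on the Check Point).
RACOON_LINE = ("Mar 16 14:54:53 racoon: ERROR: phase1 negotiation failed due to "
               "time up. 2ff1ca70a3d00591:0000000000000000")
CHECKPOINT_LINE = ("IKE: Main Mode Failed to match proposal: Transform: 3DES, MD5, "
                   "Pre-shared secret, Group2 (1024 bit) Reason: Wrong value for: "
                   "Encryption Algorithm")
# Assumption: pfSense phase 1 values after the change described in Reply #1.
LOCAL_PHASE1 = {"encryption": "DES", "hash": "SHA1"}

def parse_racoon_timeout(line):
    """Return (initiator_cookie, responder_cookie, peer_replied), or None."""
    m = re.search(r"phase1 negotiation failed due to time up\.\s*"
                  r"([0-9a-f]{16}):([0-9a-f]{16})", line)
    if not m:
        return None
    initiator, responder = m.groups()
    # All-zero responder cookie: racoon never recorded a first reply from the peer.
    return initiator, responder, responder != "0" * 16

def parse_checkpoint_mismatch(line):
    """Split the logged transform into named attributes, or return None."""
    m = re.search(r"Failed to match proposal: Transform: (.+?) "
                  r"Reason: Wrong value for: (.+)$", line)
    if not m:
        return None
    fields = [f.strip() for f in m.group(1).split(",")]
    if len(fields) != 4:
        return None
    keys = ("encryption", "hash", "auth", "dh_group")
    return dict(zip(keys, fields), rejected_attribute=m.group(2).strip())

def diff_proposals(local, logged):
    """Attributes set on both sides whose values differ (case-insensitive)."""
    return {k: (v, logged[k]) for k, v in local.items()
            if k in logged and v.upper() != logged[k].upper()}

if __name__ == "__main__":
    print(parse_racoon_timeout(RACOON_LINE))
    logged = parse_checkpoint_mismatch(CHECKPOINT_LINE)
    print(logged["rejected_attribute"], diff_proposals(LOCAL_PHASE1, logged))
```

The Check Point line does not say which side the listed transform belongs to, so the diff only shows where it disagrees with the values in `LOCAL_PHASE1`.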

Jannus
Re: IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2
« Reply #2 on: March 18, 2010, 04:07:30 am »
Set up a tunnel between Pfsense and a Windows machine; that works like a charm.

Why not between Pfsense and Checkpoint? :(

Jannus
Re: IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2
« Reply #3 on: March 18, 2010, 11:04:43 am »
Got the tunnel up after playing with the settings and upgrading to 1.3.3.

Only, traffic flows just from one site to the other, not in reverse; I think all the traffic gets NATed.

Can't adjust any settings on the Checkpoint site; tomorrow I'll check it out.