Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
0
Helpful
1
Replies

Issues with site to site VPN Phase 1 - no proposal messages

carl_townshend
Spotlight
Spotlight

‎08-04-2018 02:28 AM - edited ‎02-21-2020 08:03 AM

Hi All

I am having issues bringing up a vpn between an ASA and a Checkpoint firewall.

I am using the normal settings that we use to connect on our others but this one fails to come up.

I can see all the phase 1 proposals sent through, approx 10 sets, but the Checkpoint seems to not agree on them and sends a no proposal chosen message back to the ASA, gets stuck on MM1 message.

One thing to note is that the Checkpoint is in Russia, do Russia block any VPN protocols?

Any ideas why it isn't working?

cheers

0 Helpful
1 Reply 1

johnlloyd_13
Level 9
Level 9

‎08-04-2018 08:35 AM

hi,

can both VPN peers ping each others' public WAN/'outside' IP?

can you post a sanitized config from both ASA and CP FW?

try to do some IKE phase 1 debug and post a sanitize output.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card