03-26-2018 12:03 PM - edited 02-21-2020 07:33 AM
Dears,
My IKEv2 tunnel is not coming up with the settings below. On my end I have an ASA and the remote end is a Check Point. I want to know whether the below is the correct configuration or whether there should be some change.
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256 ----- this will match with sha512 lower setting or I should lower it down aes 192
 protocol esp integrity sha-512 ------------- I want to know this can match with AES 256 above or I should lower it down
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-384
crypto ikev2 policy 1
 encryption aes-256
 integrity sha512
 group 20 21
 prf sha512
 lifetime seconds 86400
crypto ikev2 policy 2
 encryption aes-192
 integrity sha384
 group 20 21
 prf sha384
 lifetime seconds 86400
03-26-2018 01:49 PM
Hello @adamgibs7,
It seems to be OK, but the other side needs to match what you configured. Can you attach the crypto configuration also?
HTH
Gio
03-27-2018 12:41 AM
Things are failing for me on these settings; I am not able to form the VPN. But the problem is I'm not able to collect the VPN debug logs on why these are failing: when the debugs are enabled and the VPN interesting traffic is initiated, the terminal session gets disconnected.
Any smart idea to enable important debug logs to see why it is failing?
I have enabled
debug crypto ikev2 protocol 127
debug crypto ikev2 platform 127
03-27-2018 11:43 AM
Is it failing on phase 1 or phase 2? Did you enable the debugs for IKE etc.? Make sure the other side is the same and you both have PFS set the same.
03-28-2018 07:18 AM
Dear,
Has anybody built a VPN with Check Point with compatible settings?
The main problem is I'm not able to collect the logs.
Thanks
03-28-2018 07:20 AM
03-28-2018 07:23 AM - edited 03-28-2018 07:24 AM
No, I don't manage.
One question: can I have multiple proposals like below, or do I have to create separate ones?
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256 aes-192
 protocol esp integrity sha-512 sha-384
crypto ikev2 policy 1
 encryption aes-256 aes-192
 integrity sha512 sha384
 group 20 21
 prf sha512
 lifetime seconds 86400
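The matching requirement raised in the replies above, applied to the two policy layouts posted in this thread, as an added example that is not part of any post: it treats each `crypto ikev2 policy` as one proposal in which both peers must share a value for every transform type. The `PEER` values are constructed for illustration (the remote Check Point settings do not appear in the thread) and are written with the ASA keyword spellings.

```python
# IKEv2 policies as posted in the first message (lifetime lines omitted).
ASA_POLICIES = """\
crypto ikev2 policy 1
 encryption aes-256
 integrity sha512
 group 20 21
 prf sha512
crypto ikev2 policy 2
 encryption aes-192
 integrity sha384
 group 20 21
 prf sha384
"""
# Single policy listing several values per type, from the last message.
ASA_COMBINED = """\
crypto ikev2 policy 1
 encryption aes-256 aes-192
 integrity sha512 sha384
 group 20 21
 prf sha512
"""
# Constructed peer offer (assumption: the remote settings are not in the thread).
PEER = {"encryption": {"aes-256"}, "integrity": {"sha384"},
        "group": {"20"}, "prf": {"sha384"}}
# Lifetime is not compared: IKEv2 does not negotiate it.
TYPES = ("encryption", "integrity", "group", "prf")

def parse_policies(text):
    """Return {priority: {transform type: set of values}}."""
    policies, current = {}, None
    for words in map(str.split, text.splitlines()):
        if words[:3] == ["crypto", "ikev2", "policy"]:
            current = policies.setdefault(int(words[3]), {})
        elif current is not None and words and words[0] in TYPES:
            current[words[0]] = set(words[1:])
    return policies

def mismatches(policy, peer):
    """Transform types where the policy and the peer share no value."""
    return [t for t in TYPES if not policy.get(t, set()) & peer.get(t, set())]

def first_match(policies, peer):
    """Lowest-numbered policy overlapping the peer in every type, else None."""
    return next((p for p in sorted(policies) if not mismatches(policies[p], peer)), None)

if __name__ == "__main__":
    for name, cfg in (("posted", ASA_POLICIES), ("combined", ASA_COMBINED)):
        print(name, {p: mismatches(v, PEER) for p, v in parse_policies(cfg).items()})
```

Against this constructed peer neither of the two separate policies matches, and the combined policy fails only on `prf`, which is the kind of per-type gap to look for when comparing against the real remote configuration.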