Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
0
Helpful
1
Replies

837 IPSEC TUNNEL WITH CHECKPOINT NG

gcocchi
Level 1
Level 1

‎05-26-2005 02:23 AM - edited ‎02-21-2020 01:47 PM

Hi, i'm having some problem to create an ipsec tunnel with a cisco 837 router and a checkpoint NG fw. I readed a lot of documentations about it, but i cannot establish a tunnel.

In details, during the examination of debug message, i notice that phase 2 end with error.

"phase 2 packet is a duplicate of previous packet"

"retransmit due to retransmit phase 2"

"ignoring retransmission because phase2 node marked dead"

and the messages repeat forever.

It's so stange because if i send packet from checkpoint side, packet enter the router, that decrypt and send real packet to destination.

The destination reply, the packet enter the router but the route does not encrypt it.

I don't use NAT, and i folloewd more or less the docs about creating VPN on cisco site.

Some hints please.

Labels:
0 Helpful
1 Reply 1

pradeepde
Level 5
Level 5

‎06-01-2005 05:47 AM

What is the mode set on the Checkpoint?? If it is in aggressive mode change it to main mode since Cisco does not support Aggressive mode.

0 Helpful
Customers Also Viewed These Support Documents