Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
332
Views
0
Helpful
1
Replies

compatibility of pix and checkpoint vpn

snarl-zhou
Level 1
Level 1

‎08-31-2004 08:38 PM - edited ‎02-21-2020 01:19 PM

I config the site to site vpn between the pix 525e with software 6.3(4) and checkpoint ng p1

the problem is can ping behing pix to the checkpoint side, but cann't ping opposite direction,

when show crypto isakmp sa and show crypto ipsec sa

that display the session have been created,

when I debug crypto ipsec, it display that subnet on the other side which is 10.166.0.0/19 is not identical with the net 10.166.16.0/20 which i defined on the access-list that used by the crypto map match address,

I have check that the checkpoint's config, his source and destination are identical to pix config

and when I change the destination network to 10.166.0.0/19, ping both direction works,

the checkpoint version is ng with 1p, can anybody tell me either the checkpoint config is wrong or the campatibility problem, and what can I do to deal with that

Labels:
0 Helpful
1 Reply 1

jsivulka
Level 5
Level 5

‎09-13-2004 10:49 AM

I guess you are running into CSCef49154 - pix fails to establish tunnel to 3rd party firewall. You could wait and watch out for a workaround. The only other fix I can think of is to switch to another version ofPIX OS.

0 Helpful
Customers Also Viewed These Support Documents