
L2L VPN Between ASA and Checkpoint

Alvaro Rugama
Level 1

Hi everyone

 

I'm having issues configuring a site-to-site VPN between an ASA and a Checkpoint device. At this point, we have checked that interesting traffic, encryption and hashing algorithms are OK.

 

When we originate traffic from the network attached to the ASA, phase 1 comes up and also phase 2; we saw traffic getting encapsulated, but there is no response inside the tunnel. We took captures from the ASA and saw that responses are coming from port 4500 out of the tunnel. Because of this, we disabled NAT-T on the crypto map for that specific VPN.

 

However, now we are seeing a lot of phase 2 negotiations going up and down on this VPN, where the ASA is generating new ISAKMP Initiator requests and modifying SPI values.

 

[Attached image: 250919 cap.JPG]

 

Any ideas about what can be happening here?

 

Thanks in advance for any comments you have.

 

Regards
