
    IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2

      Jannus

      Hi there,

      We're trying to set up an IPsec tunnel between a Pfsense box and a Checkpoint firewall.

      On both sides the settings are the same for phase 1 and 2 (3DES, MD5).

      Still the tunnel does not go online.

      Pfsense is showing the following error:
      ----------------------------------------------------------------------------------------------------------------
      Mar 16 14:58:29 racoon: [Datacenter_naar_Ipsec]: INFO: initiate new phase 1 negotiation: 217.67.249.2[500]<=>213.208.214.108[500]
      Mar 16 14:58:29 racoon: [Datacenter_naar
      Ipsec]: INFO: IPsec-SA request for 213.208.214.108 queued due to no phase1 found.
      Mar 16 14:54:53 racoon: ERROR: phase1 negotiation failed due to time up. 2ff1ca70a3d00591:0000000000000000
      Mar 16 14:54:34 racoon: INFO: delete phase 2 handler.
      Mar 16 14:54:34 racoon: [Datacenter_naar
      *****_Ipsec]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 213.208.214.108[0]->217.67.249.2[0]
      Mar 16 14:54:03 racoon: INFO: begin Identity Protection mode.
      ----------------------------------------------------------------------------------------------------------------

      Nokia is coming up with this error:

      IKE: Main Mode no common authentication methods between myself and peer (PFsense)

      Is there anyone who has successfully set up an IPsec connection between Pfsense and Checkpoint?

      Thanks in advance!

        Jannus

        Okay,

        Changed all the settings to DES, SHA1.

        Checkpoint is giving the following error in the logs:

        IKE: Main Mode Failed to match proposal: Transform: 3DES, MD5, Pre-shared secret, Group2 (1024 bit) Reason: Wrong value for: Encryption Algorithm

        Pfsense still shows the same error.

        Does anyone have a solution?

          Jannus

          Set up a tunnel between Pfsense and a Windows machine; that works like a charm.

          Why not between Pfsense and Checkpoint? :(

            Jannus

            Got the tunnel up after playing with the settings and upgrading to 1.3.3.

            Only, traffic flows just from one site to the other, not in reverse. I think all the traffic gets NATted.

            Can't adjust any settings on the Checkpoint site; tomorrow I'll check it out.
