IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2

  • Hi there,

    We're trying to set up an IPSEC tunnel between a Pfsense box and a Checkpoint firewall.

    On both sides the settings are the same for phase 1 and 2 (3des, MD5).

    Still the tunnel does not go online.

    Pfsense is showing the following error.
    Mar 16 14:58:29 racoon: [Datacenter_naar_Ipsec]: INFO: initiate new phase 1 negotiation:[500]<=>[500]
    Mar 16 14:58:29 racoon: [Datacenter_naar
    Ipsec]: INFO: IPsec-SA request for queued due to no phase1 found.
    Mar 16 14:54:53 racoon: ERROR: phase1 negotiation failed due to time up. 2ff1ca70a3d00591:0000000000000000
    Mar 16 14:54:34 racoon: INFO: delete phase 2 handler.
    Mar 16 14:54:34 racoon: [Datacenter_naar
    *****_Ipsec]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP[0]->[0]
    Mar 16 14:54:03 racoon: INFO: begin Identity Protection mode.

    Nokia coming up with this error.

    IKE: Main Mode no common authentication methods between myself and peer (PFsense)

    Is there anyone who successfully set up an ipsec connection between Pfsense and Checkpoint?

    Thanks in advance!

  • Okay,

    Changed all the settings to des, sha1.

    Checkpoint is giving the following error in the logs.

    IKE: Main Mode Failed to match proposal: Transform: 3DES, MD5, Pre-shared secret, Group2 (1024 bit) Reason: Wrong value for: Encryption Algorithm

    Pfsense still the same error.

    Does anyone have a solution?

  • Set up a tunnel between Pfsense and a Windows machine, that works like a charm.

    Why not between pfsense and checkpoint :(

  • Got the tunnel up after playing with the settings and upgrading to 1.3.3.

    Only traffic flows just from one site to the other, not in reverse; I think all the traffic gets natted.

    Can't adjust any settings on the checkpoint site; tomorrow I'll check it out.

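As an added illustration (not part of the thread, and not pfSense, racoon or Check Point code), the phase 1 check that both logs above complain about can be modelled as a responder comparing each offered transform with its own policy, attribute by attribute. The attribute labels follow RFC 2409; the `Transform` type, the function names and the sample values are constructed for this sketch.

```python
# Added illustration: a simplified model of IKEv1 phase 1 transform matching.
from typing import NamedTuple

class Transform(NamedTuple):
    encryption: str   # e.g. "3DES", "DES"
    hash: str         # e.g. "MD5", "SHA1"
    auth: str         # e.g. "Pre-shared secret"
    dh_group: int     # e.g. 2 (1024 bit)

# Attribute names as used in RFC 2409 (lifetime is left out of this sketch).
LABELS = {"encryption": "Encryption Algorithm", "hash": "Hash Algorithm",
          "auth": "Authentication Method", "dh_group": "Group Description"}

def normalise(t):
    """Fold spelling differences between GUIs ("3des" vs "3DES", "SHA-1" vs "SHA1")."""
    return Transform(t.encryption.upper(), t.hash.upper().replace("-", ""),
                     t.auth.lower(), int(t.dh_group))

def mismatches(offer, policy):
    """Return the RFC 2409 labels of every attribute on which the two differ."""
    o, p = normalise(offer), normalise(policy)
    return [LABELS[f] for f in Transform._fields if getattr(o, f) != getattr(p, f)]

def select_transform(offers, policies):
    """Return (chosen_offer, None) on agreement, else (None, diagnosis)."""
    best = None
    for offer in offers:
        for policy in policies:
            diff = mismatches(offer, policy)
            if not diff:
                return offer, None          # every attribute agrees
            if best is None or len(diff) < len(best[1]):
                best = (offer, diff)        # remember the closest miss
    if best is None:
        return None, "no transforms offered or configured"
    offer, diff = best
    return None, f"no common transform; {tuple(offer)} differs in: {', '.join(diff)}"

if __name__ == "__main__":
    # Constructed sample values: one side on DES/SHA1, the other on 3DES/MD5.
    side_a = [Transform("des", "sha1", "Pre-shared secret", 2)]
    side_b = [Transform("3DES", "MD5", "Pre-shared secret", 2)]
    print(select_transform(side_a, side_b)[1])
```

Phase 1 only completes when one transform agrees on all four attributes, so after changing one side the same values have to be entered on the other and the comparison repeated.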