1. Home
  2. pfSense® Software
  3. IPsec
  4. IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2

IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2

  • J

    Hi there,

    We're trying to setup an IPSEC tunnel between a Pfsense box and a Checkpoint firewall.

    On both sides the settings are the same for phase 1 and 2 (3des, MD5) .

    Still the tunnel does not go online.

    Pfsense is showing the following error.
    –---------------------------------------------------------------------------------------------------------------
    Mar 16 14:58:29 racoon: [Datacenter_naar_Ipsec]: INFO: initiate new phase 1 negotiation: 217.67.249.2[500]<=>213.208.214.108[500]
    Mar 16 14:58:29 racoon: [Datacenter_naar    Ipsec]: INFO: IPsec-SA request for 213.208.214.108 queued due to no phase1 found.
    Mar 16 14:54:53 racoon: ERROR: phase1 negotiation failed due to time up. 2ff1ca70a3d00591:0000000000000000
    Mar 16 14:54:34 racoon: INFO: delete phase 2 handler.
    Mar 16 14:54:34 racoon: [Datacenter_naar    *****_Ipsec]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 213.208.214.108[0]->217.67.249.2[0]
    Mar 16 14:54:03 racoon: INFO: begin Identity Protection mode.
    –---------------------------------------------------------------------------------------------------------------

    Nokia coming up with this error.

    IKE: Main Mode no common authentication methods between myself and peer (PFsense)

    Is there anyone who succesfully setup an ipsec connection between Pfsense and Checkpoint ?

    Thanks in advance!

    0
  • J

    okee,

    changed all the settings to des, sha1.

    checkpoint giving the following error in the logs.

    IKE: Main Mode Failed to match proposal: Transform: 3DES, MD5, Pre-shared secret, Group2 (1024 bit) Reason: Wrong value for: Encryption Algorithm

    Pfsense still the same error.

    Anyone a solution  ???

    0
  • J

    Set up a tunnel between Pfsense and a Windows machine, that works like a charm.

    Why not between pfsense and checkpoint  :(

    0
  • J

    Got the tunnel up after playing with the settings and upgrading to 1.3.3.

    Only traffic flows just from one site to the other not in reverse i think al the traffic get natted.

    Can't adjust any settings on the checkpoint site tommorow i check it out.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy