Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC between Checkpoint NGXR65 and Pfsense 1.2.2

    IPsec
    1
    4
    5.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jannus
      last edited by

      Hi there,

      We're trying to setup an IPSEC tunnel between a Pfsense box and a Checkpoint firewall.

      On both sides the settings are the same for phase 1 and 2 (3des, MD5) .

      Still the tunnel does not go online.

      Pfsense is showing the following error.
      –---------------------------------------------------------------------------------------------------------------
      Mar 16 14:58:29 racoon: [Datacenter_naar_Ipsec]: INFO: initiate new phase 1 negotiation: 217.67.249.2[500]<=>213.208.214.108[500]
      Mar 16 14:58:29 racoon: [Datacenter_naar      Ipsec]: INFO: IPsec-SA request for 213.208.214.108 queued due to no phase1 found.
      Mar 16 14:54:53 racoon: ERROR: phase1 negotiation failed due to time up. 2ff1ca70a3d00591:0000000000000000
      Mar 16 14:54:34 racoon: INFO: delete phase 2 handler.
      Mar 16 14:54:34 racoon: [Datacenter_naar      *****_Ipsec]: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 213.208.214.108[0]->217.67.249.2[0]
      Mar 16 14:54:03 racoon: INFO: begin Identity Protection mode.
      –---------------------------------------------------------------------------------------------------------------

      Nokia coming up with this error.

      IKE: Main Mode no common authentication methods between myself and peer (PFsense)

      Is there anyone who succesfully setup an ipsec connection between Pfsense and Checkpoint ?

      Thanks in advance!

      1 Reply Last reply Reply Quote 0
      • J
        Jannus
        last edited by

        okee,

        changed all the settings to des, sha1.

        checkpoint giving the following error in the logs.

        IKE: Main Mode Failed to match proposal: Transform: 3DES, MD5, Pre-shared secret, Group2 (1024 bit) Reason: Wrong value for: Encryption Algorithm

        Pfsense still the same error.

        Anyone a solution  ???

        1 Reply Last reply Reply Quote 0
        • J
          Jannus
          last edited by

          Set up a tunnel between Pfsense and a Windows machine, that works like a charm.

          Why not between pfsense and checkpoint  :(

          1 Reply Last reply Reply Quote 0
          • J
            Jannus
            last edited by

            Got the tunnel up after playing with the settings and upgrading to 1.3.3.

            Only traffic flows just from one site to the other not in reverse i think al the traffic get natted.

            Can't adjust any settings on the checkpoint site tommorow i check it out.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.