[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(racoon 920) Re: Problems talking with Checkpoint-NG

To: racoon@kame.net
Subject: (racoon 920) Re: Problems talking with Checkpoint-NG
From: Satoshi Inoue <inoue@ntes.ipv6.nec.co.jp>
Date: Thu, 31 Mar 2005 16:27:54 +0900
Delivered-to: racoon-archive@kame.net
Delivered-to: racoon-outgo@kame.net
Delivered-to: racoon@kame.net
In-reply-to: <20050330111600.9C67C4C952@damned.travellingkiwi.com>
References: <20050330111600.9C67C4C952@damned.travellingkiwi.com>
Reply-to: racoon@kame.net
Sender: owner-racoon@kame.net

On Wed, 30 Mar 2005 11:16:00 +0000 (UTC)
hamish@travellingkiwi.com (Hamie) wrote:

> I'm trying to get an ipsec tunnel working between a Linux box 
> (Gentoo - amd64) and a Checkpoint-NG firewall (Nokia platform)
...
> Currently I've got it to the point where it looks like phase-I is 
> almost completing, but it looks like the linux box thinks phase-II
> should start, but for some reason the two ends don't seem to agree
> on what should be happening.

IKE phase 2 ID mismatch, maybe? Have you checked your SPD configuration
against the Checkpoint-NG F/W?

> 2005-03-30 10:12:32: ERROR: ignore information because the message 
>                             has no hash payload.

I think you should examine this packet too.
IKE phase 1 retransmission? well, that's my guess...

Follow-Ups:
- (racoon 923) Re: Problems talking with Checkpoint-NG
  - From: Hamie <hamish@travellingkiwi.com>
- (racoon 922) Re: Problems talking with Checkpoint-NG
  - From: Hamie <hamish@travellingkiwi.com>

References:
- (racoon 919) Problems talking with Checkpoint-NG
  - From: hamish@travellingkiwi.com (Hamie)

Prev by Date: (racoon 919) Problems talking with Checkpoint-NG
Next by Date: (racoon 921) Re: IPv6 with IPsec on FreeBSD 4.10-R with racoon-20040408a
Previous by thread: (racoon 919) Problems talking with Checkpoint-NG
Next by thread: (racoon 922) Re: Problems talking with Checkpoint-NG
Index(es):
- Date
- Thread