[c-nsp] Cisco vs checkpoint VPN

Everton Diniz notrevebr at gmail.com
Thu Aug 24 16:52:00 EDT 2006 

Where i configure this??


Renegotiate IKE (phase 2)    3600 seconds

I do,

crypto map vpn 2
 set security-association lifetime 3600

But, my cisco don't get negotiate with checkpoint.
look the log

Aug 24 17:35:40.327 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:40.331 BSA: CryptoEngine0: generate hmac context for conn id 2
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): processing HASH payload. message ID =
43262936
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): processing SA payload. message ID =
43262936
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): Checking IPSec proposal 1
Aug 24 17:35:40.331 BSA: ISAKMP: transform 1, ESP_3DES
Aug 24 17:35:40.331 BSA: ISAKMP:   attributes in transform:
Aug 24 17:35:40.331 BSA: ISAKMP:      SA life type in seconds
Aug 24 17:35:40.331 BSA: ISAKMP:      SA life duration (VPI) of  0x0 0x1
0x51 0x80
Aug 24 17:35:40.331 BSA: ISAKMP:      authenticator is HMAC-SHA
Aug 24 17:35:40.331 BSA: ISAKMP:      encaps is 1
Aug 24 17:35:40.331 BSA: validate proposal 0
Aug 24 17:35:40.331 BSA: IPSEC(validate_proposal): invalid transform
proposal flags -- 0x4
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): atts not acceptable. Next payload is
0
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): phase 2 SA not acceptable!
Aug 24 17:35:40.331 BSA: CryptoEngine0: generate hmac context for conn id 2
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): sending packet to 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): purging node 175281652
Aug 24 17:35:40.331 BSA: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick
mode failed with peer at 198.87.49.254
Aug 24 17:35:40.331 BSA: ISAKMP (0:2): deleting node 43262936 error FALSE
reason "IKMP_NO_ERR_NO_TRANS"
Aug 24 17:35:42.331 BSA: ISAKMP (0:2): received packet from
198.87.49.254(R) QM_IDLE
Aug 24 17:35:42.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:35:42.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:35:42.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:35:44.331 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:44.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:35:44.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:35:44.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:35:46.331 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:46.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:35:46.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:35:46.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:35:48.331 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:48.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:35:48.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:35:48.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:35:50.331 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:50.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:35:50.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:35:50.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:35:52.335 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:52.335 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:35:52.335 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:35:52.335 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:35:56.331 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:35:56.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:35:56.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:35:56.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:36:00.335 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:36:00.335 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:36:00.335 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:36:00.335 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:36:04.331 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:36:04.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:36:04.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:36:04.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:36:08.339 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:36:08.339 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:36:08.339 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:36:08.339 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:36:12.331 BSA: ISAKMP (0:2): received packet from 198.87.xx.xx (R)
QM_IDLE
Aug 24 17:36:12.331 BSA: ISAKMP (0:2): phase 2 packet is a duplicate of a
previous packet.
Aug 24 17:36:12.331 BSA: ISAKMP (0:2): retransmitting due to retransmit
phase 2
Aug 24 17:36:12.331 BSA: ISAKMP (0:2): ignoring retransmission,because
phase2 node marked dead 43262936
Aug 24 17:36:30.331 BSA: ISAKMP (0:2): purging node 43262936


Any ideas,

Regards,

Everton

More information about the cisco-nsp mailing list