- Community Home
- >
- Networking
- >
- Security e-Series
- >
- MSR + Checkpoint site-to-site IPSec doesn't work
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2017 01:50 AM
08-23-2017 01:50 AM
MSR + Checkpoint site-to-site IPSec doesn't work
Hello Community,
we try to establish the IPSec tunnel between HPE roueter series MSR200 and Checkpoint firewall.
The tunnel initiated from MSR site can be establishe successfully.
The tunnel establishment initiated from Checkpoint site fail in Phase 2 Quick mode.
The MSR reject the request wich error message INVALID-ID-INFORMATION.
MSR configuration:
#
ipsec transform-set AES-256-SHA-256
esp encryption-algorithm aes-cbc-256
esp authentication-algorithm sha256
pfs dh-group14
#
#
ipsec policy xxxxxxxxxxxxxxx 100 isakmp
transform-set AES-256-SHA-256
security acl name xxxxxxxxxxxxxxx
remote-address 0.0.0.0
ike-profile xxxxxxxxx
sa duration time-based 3600
#
ike profile xxxxxxxx
keychain xxxxxxxxxxxxx
proposal 1
#
ike proposal 1
encryption-algorithm aes-cbc-256
dh group14
authentication-algorithm sha256
sa duration 28800
#
acl advanced name xxxxxxxx
description ACL for crypto map IPSec_MAP 100
rule 2 permit ip source x.x.x.x 0.0.0.255 destination x.x.x.x 0.0.0.7
#
Error shown on MSR debugging output:
MSR2004-48 IPSEC/7/EVENT:
The policy's acl or ike profile does not match the flow, Name = IPSecVPN_xxx, Seqnum = 100
Please suggest anything kindly.
Thanks!