I have been trying to setup a site to site between a NG FP4/Nokia to a Multitech RF600.
Logs from the Multitech revial the following below, peer is recieving the Internal address of the Checkpoint end, rather than the External 203 address!!
All routing appears ok, also Checkpoint objects state the public address also, no natting either.
Checkpoint logs reveal main mode complete than my favourite,
encryption fail reason: Packet is dropped because there
is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information
(Multitech)
When I create an IKE connection, under the IPsec live connections the tunnel does not come up and I recieve the error message in the log:
May 20 23:54:57 routefinder Pluto[766]: "VPN_to_exel_au" #3959: we require peer to have ID '203.xx.xx.xx', but peer declares '10.xx.xx.xx'
May 20 23:56:07 routefinder Pluto[766]: "VPN_to_exel_au" #3959: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
May 20 23:56:07 routefinder Pluto[766]: "VPN_to_xxxx_au" #3959: starting keying attempt 3960 of an unlimited number
May 20 23:56:07 routefinder Pluto[766]: "VPN_to_xxx_au" #3960: initiating Main Mode to replace #3959
Anyone have any problems with these two vendors, any help much appreaciated
