| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| Hi, Looking for some help here if I can get it. Trying to bring up a VPN between NG AI and a Juniper SG Firewall but the Key exchange is failing. Getting a couple of errors. 1. Received a cleartext password within an encrypted connection, which is weird because the VPN hasn't come up. The arrow is pointing to the left on this error. 2. Encrypt fail reason: packet is dropped because there was no valid SA. The arrow points to the left with this one also. Any help or thoughts will be gratefully received. Mick __________________ tdvit CCSA CCSE |
| |||
| I have had so much trouble with this! Now the main issue is that the proxy ID/VPN domain that the Check Point will send is, it seems, just a lucky dip. If you can troubleshoot at the Juniper end, please type in: get event type 536 This will show you what proxy ID the Check Point is sending. You may think that it should send, say, 192.168.1.1, but it might send anything. The command from the Juniper will show you this, and you can change the policy rule on the Juniper to be the same and it'll work. Another big issue is the fact that if you're using a VPN community and using a group for your encryption domain, it will not work properly either. I've been working on this for a while, so let me know if you need more help. Sam |
| |||
| Maybe you can help me with a new Juniper issue. We have the VPN up and working and I've just tried to add another host into the tunnel. The Check Point end now sends out an id=0.0.0.0?? The Juniper does not like this, of course. I have trawled the net and it may be because I'm now using a group as the VPN domain instead of the network as I was before. Or it might be the supernetting issue that people talk about. Have you come across this? Thanks, Sam |