| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Hi, I am trying to set up a VPN from our Nokia IP380 to a Cisco 877 device. The problem I am now having is that from the LAN on the Cisco I can ping my internal network to the CP, but from my internal LAN behind the CP I cannot ping back to anything behind the Cisco 877. The Cisco config all seems OK and has been checked over by various techies, but I can also say the same for the CP. The errors I am getting on the CP tracker are "packets dropped due to invalid SA"; also, on the key exchange for the Cisco it is saying "IKE: Quick Mode Received notification from Peer: no proposal chosen". I have tried various options found in these and other forums, such as "Disable NAT inside VPN Community" and "Change to 'One VPN tunnel per each pair of host'". Has anyone had any similar problems they have overcome, or any advice please?

You can also solve this particular problem in SmartCenter by clicking "One VPN tunnel per each pair of hosts" on the "VPN advanced" tab of the gateway object for the Cisco. As you discovered, this issue comes about when the Checkpoint "VPN Domain" does not match the Cisco "Crypto Map ... match address" (access list 110 in your case).
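
The mismatch described in the reply above, as an added example that is not part of the thread and is not code from either vendor. It models which Phase 2 (Quick Mode) selectors the Check Point side would propose for a flow and checks them against the Cisco crypto ACL. All networks and addresses are constructed, the function names are hypothetical, and the rule that the Cisco accepts a proposal equal to or narrower than a mirrored ACL entry is a simplifying assumption.

```python
import ipaddress as ip

# Constructed sample data, not taken from the thread.
CP_VPN_DOMAIN = [ip.ip_network("10.1.0.0/16")]         # Check Point encryption domain
CISCO_LAN     = [ip.ip_network("192.168.50.0/24")]     # network behind the Cisco
# Cisco crypto ACL entries as (source, destination), written from the Cisco side.
CISCO_ACL_110 = [(ip.ip_network("192.168.50.0/24"), ip.ip_network("10.1.20.0/24"))]

def proposed_selector(src, dst, per_host):
    """Selector pair (local, remote) the Check Point would propose for src -> dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    if per_host:  # models "One VPN tunnel per each pair of hosts": /32 to /32
        return ip.ip_network(f"{s}/32"), ip.ip_network(f"{d}/32")
    local = next(n for n in CP_VPN_DOMAIN if s in n)    # subnet as defined in the VPN domain
    remote = next(n for n in CISCO_LAN if d in n)
    return local, remote

def cisco_accepts(selector, acl):
    """Assumed rule: accept if the proposal fits inside a mirrored ACL entry."""
    local, remote = selector
    return any(remote.subnet_of(acl_src) and local.subnet_of(acl_dst)
               for acl_src, acl_dst in acl)

def check(src, dst, per_host):
    sel = proposed_selector(src, dst, per_host)
    ok = cisco_accepts(sel, CISCO_ACL_110)
    return sel, "accepted" if ok else "no proposal chosen"

if __name__ == "__main__":
    for src, per_host in [("10.1.20.5", False), ("10.1.20.5", True), ("10.1.30.5", True)]:
        (loc, rem), verdict = check(src, "192.168.50.10", per_host)
        mode = "per-host" if per_host else "per-subnet"
        print(f"{mode:10} {loc} <-> {rem}: {verdict}")
```

The third case is rejected even with host-pair tunnels because the source lies outside the ACL, so the two definitions still need to be brought into agreement for every network that should use the tunnel.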