Topic Author
Posts: 43
Joined: Thu Apr 07, 2005 5:38 pm


Wed Mar 15, 2006 7:44 pm

I am trying to create an IPSec tunnel between an MT router and a Checkpoint firewall. I have entered the following details in the MT router but the tunnel is not being initiated. Nothing is in the log file even though I have got both IPsec and IKE logging on. I have checked initiating the tunnel from a Netgear router and it works.

[admin@FTC MT] ip ipsec policy> print
Flags: X - disabled, D - dynamic, I - invalid
0 src-address= dst-address= protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=x.x.x.15 sa-dst-address=x.x.x.137
proposal=default manual-sa=none dont-fragment=clear

[admin@FTC MT] ip ipsec peer> print
Flags: X - disabled
0 address=x.x.x.137/32:500 secret="*********" generate-policy=no
exchange-mode=main send-initial-contact=yes proposal-check=obey
hash-algorithm=sha1 enc-algorithm=des dh-group=modp768 lifetime=1d
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Re: IPSec

Thu Mar 16, 2006 4:40 pm

If nothing is in the log, the policy does not match the packet.
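
A simplified model of the selector check this reply refers to, as an added example that is not part of the original thread and not RouterOS code: outbound traffic only triggers IKE when its source and destination fall inside the policy's src-address and dst-address. The sample policy and packet addresses are constructed (documentation ranges), and `parse_props`, `selector`, `policy_matches` and `outcome` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample in the style of the "ip ipsec policy print" output above.
# The addresses are documentation ranges, not values from the thread.
SAMPLE_POLICY = """\
0 src-address=192.0.2.0/24 dst-address=198.51.100.0/24 protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes
"""


def parse_props(text):
    """Collect key=value pairs from RouterOS-style print output."""
    return dict(re.findall(r'([\w-]+)=("[^"]*"|\S*)', text))


def selector(value):
    """Turn 'a.b.c.d/len' (optionally followed by ':port') into a network."""
    if not value:
        raise ValueError("selector is empty, cannot be evaluated")
    return ipaddress.ip_network(value.split(":")[0], strict=False)


def policy_matches(policy, src, dst):
    """Assumed, simplified check: both addresses must fall in the selectors."""
    return (ipaddress.ip_address(src) in selector(policy["src-address"])
            and ipaddress.ip_address(dst) in selector(policy["dst-address"]))


def outcome(policy, src, dst):
    """Describe what the router would do with a packet src -> dst."""
    if policy_matches(policy, src, dst):
        return "match: IKE negotiation is attempted"
    return "no match: packet is not handed to IPsec, nothing is logged"


if __name__ == "__main__":
    policy = parse_props(SAMPLE_POLICY)
    # Constructed test packets: one inside both selectors, one outside.
    for src, dst in [("192.0.2.10", "198.51.100.20"),
                     ("192.0.2.10", "203.0.113.5")]:
        print(f"{src} -> {dst}: {outcome(policy, src, dst)}")
```

Comparing the addresses of the traffic actually being sent against the policy selectors in this way shows whether the silent log is a selector mismatch rather than an IKE failure.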
