I am trying to set up a site to site VPN from my PIX to a Checkpoint. I am getting the following errors - first error with ISAKMP NAT-T , send seccond one without NAT-T...
pixfirewall(config)# ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3 ISAKMP (0): beginning Main Mode exchange crypto_isakmp_process_block:src:162.145.74.130, dest:95.103.225.196 spt:500 dpt:
500 ISAKMP: drop P2 msg on unauthenticated SAISAKMP (0): retransmitting phase 1 (0)... ISAKMP (0): retransmitting phase 1 (4)...IPSEC(key_engine): request timer fired: count = 1, (identity) local= 95.103.225.196, remote= 162.145.74.130, local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4), remote_proxy= 118.1.118.0/255.255.255.0/0/0 (type=4)
ISAKMP (0): deleting SA: src 95.103.225.196, dst 162.145.74.130 ISADB: reaper checking SA 0x3575e7c, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for 162.145.74.130/500 not found - peers:0
******************************************************************************** no ISAKMP NAT-Tpixfirewall(config)# ISAKMP (0): beginning Main Mode exchange crypto_isakmp_process_block:src:162.145.74.130, dest:95.103.225.196 spt:500 dpt:
500 ISAKMP: drop P2 msg on unauthenticated SAISAKMP (0): retransmitting phase 1 (0)... ISAKMP (0): retransmitting phase 1 (4)... ISAKMP (0): deleting SA: src 95.103.225.196, dst
162.145.74.130IPSEC(key_engine) : request timer fired: count = 1, (identity) local= 95.103.225.196, remote= 162.145.74.130, local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4), remote_proxy= 118.1.118.0/255.255.255.0/0/0 (type=4)ISAKMP (0): beginning Main Mode exchange crypto_isakmp_process_block:src:162.145.74.130, dest:95.103.225.196 spt:500 dpt:
500 ISAKMP: drop P2 msg on unauthenticated SAISADB: reaper checking SA 0x3576604, conn_id = 0 ISADB: reaper checking SA 0x3575e7c, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for 162.145.74.130/500 not found - peers:0
********************************************************************************* Here is part of my config: sysopt connection permit-ipsec crypto ipsec transform-set mytrans esp-3des esp-sha-hmac crypto map mymap 10 ipsec-isakmp crypto map mymap 10 match address nonat crypto map mymap 10 set pfs group2 crypto map mymap 10 set peer 162.145.74.130 crypto map mymap 10 set transform-set mytrans crypto map mymap interface outside isakmp enable outside isakmp key ****** address 162.145.74.130 netmask 255.255.255.255 isakmp identity address isakmp policy 10 authentication pre-share isakmp policy 10 encryption 3des isakmp policy 10 hash sha isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 ********************* TIA, Traol