https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2711#M125 <HTML><HEAD></HEAD><BODY><P style="margin-bottom: .0001pt;"><STRONG style="font-weight: normal; font-size: 11.5pt; font-family: Tahoma, sans-serif;">Hi Tim Hall </STRONG></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;"> </SPAN></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;">Thanks for your answer , from juniper side he have a question about why he need to configuration Proxy IDs </SPAN></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;"> </SPAN></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;">Because Connection can operation normally (Problem&nbsp; </SPAN><SPAN style="color: #5f5f5f; font-weight: bold; font-size: 16px; font-family: 'Tahoma','sans-serif';">"no response from peer. IKE failure happen some time ")</SPAN></P><P><SPAN style="color: #5f5f5f; font-weight: bold; font-size: 16px; font-family: 'Tahoma','sans-serif';"> <BR /></SPAN><SPAN style="color: #5f5f5f; font-size: 16px; font-family: 'Tahoma','sans-serif';"> </SPAN><SPAN style="color: #5f5f5f; font-size: 16px; font-family: Tahoma, sans-serif;">I mean if not configuration proxy ID tunnel can operation but problem found randomly time.</SPAN></P><P></P><P><SPAN style="color: #5f5f5f; font-size: 16px; font-family: Tahoma, sans-serif;">BR,</SPAN></P><P><SPAN style="color: #5f5f5f; font-size: 16px; font-family: Tahoma, sans-serif;">Ake V</SPAN></P></BODY></HTML> Thu, 06 Oct 2016 08:42:21 GMT Ake_Veeraolansi 2016-10-06T08:42:21Z https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2709#M123 <HTML><HEAD></HEAD><BODY><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;">Hi ,</STRONG></SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"> </SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;">&nbsp;&nbsp; I have a question about IP Sec VPN Connection&nbsp; Checkpoint &gt; Juniper </STRONG></SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"> </SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;">Some times I found error message from checkpoint "no response from peer. IKE failure "<BR /></STRONG></SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;"> As i check on juniper srx did't set Proxy ID configuration So , If Someone here have&nbsp; <A href="https://dict.longdo.com/search/experience" rel="nofollow noopener noreferrer" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: inherit;" target="_blank">experience</A> with </STRONG></SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"> </SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;">IP Sec VPN checkpoint and Juniper srx&nbsp; please suggest solution or basic investigate problem</STRONG></SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"> </SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;">Thanks you </STRONG></SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;">BR,</STRONG></SPAN></P><P style="font-family: 'Antenna Light'; font-size: 12px; color: #5f5f5f;"><SPAN style="font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;"><STRONG style="font-family: Antenna;">Ake V</STRONG></SPAN></P></BODY></HTML> Mon, 03 Oct 2016 12:42:08 GMT https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2709#M123 Ake_Veeraolansi 2016-10-03T12:42:08Z https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2710#M124 <HTML><HEAD></HEAD><BODY><P>If the subnets/Proxy-IDs proposal made by the Check Point in IKE Phase 2 does not match the Juniper subnet definitions EXACTLY (matching subsets are not allowed on Juniper/Fortinet/Sonicwall whereas they are allowed on Cisco/Check Point), the Juniper will discard the request and not answer.&nbsp; Either the Juniper administrator needs to modify their policy to match the subnets/masks your Check Point is proposing, or you need to explicitly define the subnets you want to propose to the Juniper in a user.def file on the Security Management Server.&nbsp; See sk62590 for the proper user.def.* file to edit as there are numerous variants depending on the version of the security gateway, and see sk108600 for the proper syntax definition of the Proxy-IDs in the user.def.* file.</P><P></P><P>--</P><P>My book "Max Power: Check Point Firewall Performance Optimization"</P><P>now available via <A href="http://maxpowerfirewalls.com/" target="_blank">http://maxpowerfirewalls.com</A>.</P></BODY></HTML> Wed, 05 Oct 2016 15:47:47 GMT https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2710#M124 Timothy_Hall 2016-10-05T15:47:47Z https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2711#M125 <HTML><HEAD></HEAD><BODY><P style="margin-bottom: .0001pt;"><STRONG style="font-weight: normal; font-size: 11.5pt; font-family: Tahoma, sans-serif;">Hi Tim Hall </STRONG></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;"> </SPAN></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;">Thanks for your answer , from juniper side he have a question about why he need to configuration Proxy IDs </SPAN></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;"> </SPAN></P><P><SPAN style="font-size: 11.5pt; font-family: Tahoma, sans-serif;">Because Connection can operation normally (Problem&nbsp; </SPAN><SPAN style="color: #5f5f5f; font-weight: bold; font-size: 16px; font-family: 'Tahoma','sans-serif';">"no response from peer. IKE failure happen some time ")</SPAN></P><P><SPAN style="color: #5f5f5f; font-weight: bold; font-size: 16px; font-family: 'Tahoma','sans-serif';"> <BR /></SPAN><SPAN style="color: #5f5f5f; font-size: 16px; font-family: 'Tahoma','sans-serif';"> </SPAN><SPAN style="color: #5f5f5f; font-size: 16px; font-family: Tahoma, sans-serif;">I mean if not configuration proxy ID tunnel can operation but problem found randomly time.</SPAN></P><P></P><P><SPAN style="color: #5f5f5f; font-size: 16px; font-family: Tahoma, sans-serif;">BR,</SPAN></P><P><SPAN style="color: #5f5f5f; font-size: 16px; font-family: Tahoma, sans-serif;">Ake V</SPAN></P></BODY></HTML> Thu, 06 Oct 2016 08:42:21 GMT https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2711#M125 Ake_Veeraolansi 2016-10-06T08:42:21Z https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2712#M126 <HTML><HEAD></HEAD><BODY><P>To have a basic information to start to investigate , you could do :</P><UL><LI>ike debug on check point firewall</LI></UL><P>vpn debug ikeon</P><P>vpn debug ikeoff</P><P>&nbsp;&nbsp;&nbsp; $FWDIR/log/ike.elg</P><P>&nbsp;&nbsp;&nbsp; $FWDIR/log/ikev2.xmll</P><P>Tool -&gt; IKEview</P></BODY></HTML> Thu, 06 Oct 2016 15:34:58 GMT https://community.checkpoint.com/t5/General-Topics/Problem-IP-Sec-VPN-Checkpoint-gt-Juniper-no-response-from-peer/m-p/2712#M126 L_Rossi_89 2016-10-06T15:34:58Z