This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kumar_Sambhav
Participant
‎2018-01-17 10:48 PM

VPN issue between Checkpoint on AWS and Cisco ASA on premise

Hello,

I have VPN tunnel up and running between CheckPoint R77.30 on AWS and Cisco ASA on premise. Traffic is coming from Cisco side however, from CheckPoint side it is getting dropped( Encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database) and reject ( Encryption failure: no response from peer.). Please advise

8 Replies
Deepak_Chauhan
Explorer
‎2018-01-18 01:47 AM

What did you find, if you compared Checkpoint and ASA vpn configuration?

0 Kudos
Kumar_Sambhav
Participant
‎2018-01-18 06:20 AM
In response to Deepak_Chauhan

Issue was due to VPN domain mismatch. Resolved now after giving same subnet IPs at both end. Check point had full subnet defined and at cisco only 3 Ips of same subnet were there

0 Kudos
Danny
Champion Champion
Champion
‎2018-01-18 02:54 AM

Check on your Cisco what VPN Encryption Domain networks (crypto map) the Check Point tries to negotiate with it. Adjust your Cisco config accordingly.

0 Kudos
Kumar_Sambhav
Participant
‎2018-01-18 06:17 AM
In response to Danny

Thanks Danny,

You were right. CheckPoint had the full remote network subnet in its VPN domian, where as at Cisco side only 3 IPs of subnet were listed. After adjusting VPN domain, connection worked fine

0 Kudos
Gaurav_Pandya
Advisor
‎2018-01-18 03:52 AM

Yeah. This type of error generally comes when mismatch of VPN Encryption domain. It should same at both end.

First it choose the valid Proposal and negotiate with same proposal. So check the Encryption method & Algorithm as well.

0 Kudos
Kumar_Sambhav
Participant
‎2018-01-18 06:18 AM
In response to Gaurav_Pandya

Thanks Gaurav,

You were right. CheckPoint had the full remote network subnet in its VPN domian, where as at Cisco side only 3 IPs of subnet were listed. After adjusting VPN domain, connection worked fine

Gaurav_Pandya
Advisor
‎2018-01-18 06:40 AM
In response to Kumar_Sambhav

Ok Great.

0 Kudos
Luisnego
Contributor
‎2018-06-20 09:29 AM
In response to Kumar_Sambhav

when you configured the VPN domain, you set up your network subnet too, in the group networks?

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events