Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Forti
Explorer

Cp1450 S2S issue

Hello,

Im running 1450 smb appliance, trying to configure S2S vpn with a remote site running Zywall firewall.

If I check the tunnel status it is active..

However, the Zywall lan devices can ping CP lan While CP lan cannot reach to devices on the remote site lan.

Encryption settings are matched on both of the appliances, unchecked remote site is a checkpoint.. 

I saw a log no proposal chosen

any ideas ? Let me know if you need more details.

Appreciate your help.

 

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

No proposal chosen generally means the encryption settings don't match.
Is the 1430 locally managed or managed externally?
If externally, by what and what version?
What firmware version on the 1430?
Screenshots of everything you've configured (with sensitive data redacted) on both ends might also help.
0 Kudos
Timothy_Hall
Champion
Champion

Zyxels are very picky about what Phase 2 subnets/Proxy-IDs they will accept in a proposal, while the Check Point is much more tolerant which is why traffic initiated from the Zyxel works, but from the Check Point does not.  See this article:

https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/VPN-problem-Phase-2-Quick-Mode-Received-N...

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos