This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TomasFy
Explorer
‎2022-03-25 10:22 AM

Limit in received IKEv2 Phase-1 SA Proposal count

Hi,

 

I am working on a VPN with 3rd party vendor and we cannot make it working.

During troubleshooting I found out that the problem is down to fact that gateway can ‘see’ only 16 IKE Phase-1 Proposals sent from the other party.

As result the tunnel negotiation is refused with message “No proposal chosen”.

 

In packet capture I can see that 20 proposals are sent, but in ikev2.xmll debug file I can only see 16. On the basis of Peer engineer’s analysis I know that the 16 Proposals in our GW’s debug match 1st 16 sets in their configuration.The rest seems to be just cut off.

The one which should match has index 17 …

 

Is this a known problem and is there any solution to it?

 

My GW version R80.40 with JHF T139. The Peer's GW is Cisco ASA-X

0 Kudos
4 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events