Engii
Explorer

VPN problems - Invalid ID

Hello everyone,

I can't get the VPN up between two gateways. Checking the logs, it says "Notification to Peer: invalid id information". I don't understand what it means by ID. Also, the IKE Responder Cookie and the Initiator Cookie are different. Could it be because of that?

Does anyone know what "invalid id information" refers to, and what causes it?

Thanks for your help

 

0 Kudos
2 Replies
_Val_
Admin

First, which version of the GW software and hardware are you using?

The IKE VPN ID is a combination of the peer IP and its VPN domain. It has to be identical for both parties. If there is a mismatch, you will not be able to open a tunnel.

0 Kudos
the_rock
Legend

Most likely a Phase 2 mismatch somewhere. I would follow the SK below:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Also, on top of that, make sure the three settings below are set to FALSE in GuiDBedit:

ike_enable_supernet
ike_p2_enable_supernet_from_R80.20
ike_use_largest_possible_subnets

I recall that even in really old versions of CP this was an issue: CP always tried to present a larger subnet than intended, so if Cisco is expecting, for example, a /28 subnet, CP would have tried to send something bigger, for example a /24.

Anyway, I had not seen much of that since R80 first came out, but I would still verify those values.

0 Kudos
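To make the two replies above concrete, here is a small added illustration (not Check Point or Cisco code, and not part of either reply) of why a "supernetting" initiator gets an invalid-ID response. The initiator picks the Phase 2 traffic selector for a packet from its encryption domain; a strict, Cisco-style responder accepts the proposal only if the local/remote subnet pair exactly equals one of its crypto ACL entries, and refuses an overlapping but wider selector. The topology, addresses, the `choose_selector` and `responder_check` helpers, and the idea that the domain lists both a summary and its specific subnets are all constructed assumptions for the demo, not the gateways' actual algorithms.

```python
"""Toy model of an IKE Phase 2 traffic-selector check (added example)."""
from ipaddress import ip_network

# Constructed sample topology (not from the thread):
# the initiator's encryption domain lists a summary plus specific subnets,
# the responder's crypto ACL is written as (responder local, responder remote).
INITIATOR_DOMAIN = ["10.1.0.0/16", "10.1.5.0/24", "10.1.5.0/28"]
INITIATOR_VIEW_OF_PEER = ["192.168.50.0/24"]
RESPONDER_ACL = [("192.168.50.0/24", "10.1.5.0/28")]


def choose_selector(domain, host, supernet):
    """Return the subnet the initiator puts in its Phase 2 ID for `host`.

    Simplified model: with supernet=True the widest configured network that
    contains the host is proposed (the 'largest possible subnet' behaviour the
    reply warns about); with supernet=False the most specific one is proposed.
    """
    target = ip_network(host)
    candidates = [ip_network(n) for n in domain if target.subnet_of(ip_network(n))]
    if not candidates:
        raise ValueError(f"{host} is not in the encryption domain")
    widest = min(candidates, key=lambda n: n.prefixlen)
    narrowest = max(candidates, key=lambda n: n.prefixlen)
    return widest if supernet else narrowest


def responder_check(acl, proposed_local, proposed_remote):
    """Responder side: (accepted, reason) for an initiator's ID pair.

    The initiator's 'local' is the responder's 'remote' and vice versa.
    Only an exact pair match is accepted; an overlapping-but-different
    selector is reported the way a strict peer would (invalid ID).
    """
    local, remote = ip_network(proposed_local), ip_network(proposed_remote)
    for acl_local, acl_remote in acl:
        a_local, a_remote = ip_network(acl_local), ip_network(acl_remote)
        if remote == a_local and local == a_remote:
            return True, "accepted: exact match"
        if remote.overlaps(a_local) and local.overlaps(a_remote):
            return False, (f"invalid ID: proposed {local}<->{remote}, "
                           f"expected {a_remote}<->{a_local}")
    return False, "invalid ID: no matching entry"


def negotiate(supernet, src="10.1.5.7", dst="192.168.50.20"):
    """Run one initiator proposal against the responder's ACL.

    Returns (proposed local selector, accepted?, reason).
    """
    local = choose_selector(INITIATOR_DOMAIN, src, supernet)
    remote = choose_selector(INITIATOR_VIEW_OF_PEER, dst, supernet)
    accepted, reason = responder_check(RESPONDER_ACL, str(local), str(remote))
    return str(local), accepted, reason


if __name__ == "__main__":
    for flag in (True, False):
        proposed, ok, why = negotiate(flag)
        print(f"supernet={flag}: proposed {proposed} -> {why}")
```

With the supernet behaviour on, the initiator proposes 10.1.0.0/16 for a host in 10.1.5.0/28 and the responder refuses it; with it off, it proposes exactly the /28 the peer's ACL expects and the pair matches. The model deliberately ignores the IKE identity itself (the peer IP and VPN-domain ID that _Val_'s reply describes) and only shows the Phase 2 selector comparison.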