![]() After this I only have a green light for IKE Info under status of the IPsec Tunnels area. Check Point Remote Access VPN is rated 8.8, while Fortinet FortiClient is rated 8.2. Check Point Remote Access VPN is ranked 4th in Enterprise Infrastructure VPN with 36 reviews while Fortinet FortiClient is ranked 1st in Enterprise Infrastructure VPN with 47 reviews. I have tried a proxy ID on the palo alto side with local being 10.30.30.0/24 (the local Palo Alto private network) and remote 10.10.10.0/24 (the Check Point side private network) and that brought the tunnel on the Palo Alto side down. 715,673 professionals have used our research since 2012. On the Palo Alto for the IKE crypto profile I am using Suite-B-GCM-128, and IPSec Crypto Profile Suite-B-GCM-128. I am under the impression that routing the traffic for destination 10.10.10.0/24 to the tunnel interface as a static route is all that is needed to identify the remote private network. I do not have any Proxy ID's configured on the Palo Alto side. ![]() I am using a "encryption domain" on the Check Point. On the Check Point side the local network is the 10.10.10.0/24. received local ID 10.30.30.0/24 type IPv_4_subnet protocol 0 port 0, received remote id: 10.10.10.0/24 type IPv4_subnet protocol 0 port 0. cannot find matching phase-2 tunnel for received proxy ID. In the "Monitor" > "System" log of the Palo Alto the message I am seeing is "ike-nego-p2-proxy-id-bad" "IKE phase-2 negotiation failed when processing proxy ID. ![]() The VPN tunnel on the Palo Alto side shows all green for phase 1 and 2, however on the Check Point side I keep getting a failure per the log "IKE failure no response from peer". I am trying to establish a successful VPN connection between my Palo Alto firewall and a Check Point firewall.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |