I am trying to establish a successful VPN connection between my Palo Alto firewall and a Check Point firewall. The VPN tunnel on the Palo Alto side shows all green for phase 1 and 2, however on the Check Point side I keep getting a failure per the log "IKE failure no response from peer".

In the "Monitor" > "System" log of the Palo Alto the message I am seeing is "ike-nego-p2-proxy-id-bad" "IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local ID 10.30.30.0/24 type IPv_4_subnet protocol 0 port 0, received remote id: 10.10.10.0/24 type IPv4_subnet protocol 0 port 0."

On the Check Point side the local network is the 10.10.10.0/24. I am using an "encryption domain" on the Check Point. I do not have any proxy IDs configured on the Palo Alto side. I am under the impression that routing the traffic for destination 10.10.10.0/24 to the tunnel interface as a static route is all that is needed to identify the remote private network. On the Palo Alto for the IKE crypto profile I am using Suite-B-GCM-128, and IPSec Crypto Profile Suite-B-GCM-128.

I have tried a proxy ID on the Palo Alto side with local being 10.30.30.0/24 (the local Palo Alto private network) and remote 10.10.10.0/24 (the Check Point side private network) and that brought the tunnel on the Palo Alto side down. After this I only have a green light for IKE Info under status of the IPsec Tunnels area.

To install the Check Point Virtual Network Adapter For Endpoint VPN Client on win 10 you must: right click on the Windows Start menu icon and select Device Manager.
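An added example, not part of the original post: it parses the two received-ID clauses of the Palo Alto log message quoted above and compares them with candidate proxy-ID pairs. The exact-match rule, the any-to-any selector used when no proxy ID is configured, and the entry names are assumptions made for illustration.

```python
import ipaddress
import re

# The two ID clauses of the system log message, as quoted in the post.
LOG = ("received local ID 10.30.30.0/24 type IPv_4_subnet protocol 0 port 0, "
       "received remote id: 10.10.10.0/24 type IPv4_subnet protocol 0 port 0")

ID_RE = re.compile(
    r"received (local|remote) id:?\s+(\S+) type \S+ protocol (\d+) port (\d+)",
    re.IGNORECASE)


def parse_received_ids(message):
    """Return {'local': (network, protocol, port), 'remote': (...)}."""
    ids = {}
    for side, cidr, proto, port in ID_RE.findall(message):
        ids[side.lower()] = (ipaddress.ip_network(cidr), int(proto), int(port))
    if set(ids) != {"local", "remote"}:
        raise ValueError("log line does not carry both a local and a remote ID")
    return ids


def find_match(received, configured):
    """Name of the first configured pair equal to the received pair, else None.

    Assumption: selectors must match exactly (same network, protocol 0, port 0).
    """
    for name, local, remote in configured:
        pair = {"local": (ipaddress.ip_network(local), 0, 0),
                "remote": (ipaddress.ip_network(remote), 0, 0)}
        if pair == received:
            return name
    return None


# Hypothetical configurations to compare against the received IDs.
NO_PROXY_ID = [("default", "0.0.0.0/0", "0.0.0.0/0")]  # assumed any-to-any
SUBNET_PAIR = [("cp-lan", "10.30.30.0/24", "10.10.10.0/24")]
SWAPPED = [("swapped", "10.10.10.0/24", "10.30.30.0/24")]

if __name__ == "__main__":
    received = parse_received_ids(LOG)
    for label, cfg in (("no proxy ID", NO_PROXY_ID),
                       ("subnet pair", SUBNET_PAIR),
                       ("swapped pair", SWAPPED)):
        print(f"{label}: {find_match(received, cfg) or 'no matching entry'}")
```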