Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 16388 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SitetoSite VPN from Sophos UTM to Checkpoint

mtcenter
Hi, can anyone gave me a short advice to build a sitetosite ipsec vpn tunnel from a sophos utm device to an checkpoint firewall?

thanks

mtcenter


This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    I am trying to complete same configuration but no luck so far.

    Here are some the latest line in my log after debug

    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | ***emit ISAKMP Vendor ID Payload:

    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | next payload type: ISAKMP_NEXT_VID
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | emitting length of ISAKMP Vendor ID Payload: 20
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | ***emit ISAKMP Vendor ID Payload:
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | next payload type: ISAKMP_NEXT_NONE
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | emitting length of ISAKMP Vendor ID Payload: 20
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | emitting length of ISAKMP Message: 260
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: |
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | *received whack message
    2016:09:08-16:58:14 i_api_priv_tunl_vpn02 pluto[6233]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2016:09:08-16:58:24 i_api_priv_tunl_vpn02 pluto[6233]: |
    2016:09:08-16:58:24 i_api_priv_tunl_vpn02 pluto[6233]: | *time to handle event
    2016:09:08-16:58:24 i_api_priv_tunl_vpn02 pluto[6233]: | event after this is EVENT_REINIT_SECRET in 3589 seconds
    2016:09:08-16:58:24 i_api_priv_tunl_vpn02 pluto[6233]: | handling event EVENT_RETRANSMIT for 201.148.1.161 "S_VPN PROSA TRIARA" #1
    2016:09:08-16:58:24 i_api_priv_tunl_vpn02 pluto[6233]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
    2016:09:08-16:58:24 i_api_priv_tunl_vpn02 pluto[6233]: | next event EVENT_RETRANSMIT in 20 seconds for #1
    2016:09:08-16:58:44 i_api_priv_tunl_vpn02 pluto[6233]: |
    2016:09:08-16:58:44 i_api_priv_tunl_vpn02 pluto[6233]: | *time to handle event
    2016:09:08-16:58:44 i_api_priv_tunl_vpn02 pluto[6233]: | event after this is EVENT_REINIT_SECRET in 3569 seconds
    2016:09:08-16:58:44 i_api_priv_tunl_vpn02 pluto[6233]: | handling event EVENT_RETRANSMIT for 201.148.1.161 "S_VPN PROSA TRIARA" #1
    2016:09:08-16:58:44 i_api_priv_tunl_vpn02 pluto[6233]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1
    2016:09:08-16:58:44 i_api_priv_tunl_vpn02 pluto[6233]: | next event EVENT_RETRANSMIT in 40 seconds for #1
  • 0 in reply to OmnerBarajas

    Omner, if you want to continue this thread, please disable debug and show us about 60 lines from a single connection attempt.  Also, show us the Edits of the IPsec Connection and the Remote Gateway.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to OmnerBarajas

    Omner, if you want to continue this thread, please disable debug and show us about 60 lines from a single connection attempt.  Also, show us the Edits of the IPsec Connection and the Remote Gateway.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML