On the Cisco ISR, debug crypto isakmp wasn’t especially helpful: Jun 18 11:06:17.085: ISAKMP: (0):purging SA., sa=3246F97C, delme=3246F97C Pre-shared-key address 192.0.2.190 key abcdefghij1234567890Īfter verifying connectivity, doing packet captures, and multiple reboots on on both ends, IKE simply would not come up. CheckPoint R80 VPN communities default to AES-256, SHA-1, Group 2, and 1-day timetime which is easy to match on the Cisco with this config: crypto keyring mycheckpoint I had previously done Cisco router to CheckPoint R80.30 gateway VPNs before without issue, but for whatever reason could not even establish phase 1 for this one.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |