I'm trying to get a tunnel up between a Checkpoint firewall and an ASR. I control the ASR, but I have no visibility into the Checkpoint (and frankly neither does my counterpoint on the other side - they have a contracting company running it).
I get phase 1 complete, but phase 2 fails with:
ISAKMP-ERROR: (1757):IPSec policy invalidated proposal with error 1024
ISAKMP-ERROR: (1757):phase 2 SA policy not acceptable!
I believe this is probably an ACL mismatch. Is there any way to see what the Checkpoint is sending me for phase 2?
Is there any way to look at the traffic and make my ACL match the Checkpoint side so that I can prove what is going on?
Thanks!