When talking
to Nokia support about this same error with a different VPN hardware on the
other end, they stated that the two were not compatible. I know SP3 broke some IPSEC tunnels. For example, Sonicwall will work with
SP2 but not SP3. Good Luck…
Steven Zimmerman
CIO
IR Network Solutions
fax
-----Original
Message-----
From: David Greenwood
[mailto:[email protected]]
Sent: Wednesday, March 07, 2001
7:50 AM
To:
[email protected]
Subject: [FW1] Check Point to
Cisco 3030 IPSEC VPN Problems - "invalid cookie"
Hi,
I have been trying for a
while to set up a IPSEC VPN between a VPN-1 4.1 SP3 Check Point firewall and a
Cisco 3030 concentrator.
Both ends are set up to
use preshared secret, IKE encryption scheme, DES keys/MD5, data encryption of
DES / ESP and MD5.
When sending data from
the Cisco to Checkpoint all is ok, but it does not work the other way. The log
file give me messages in blue of "invalid cookie" and "payload
malformed and then green of "gateway connected to both end points: scheme
IKE"
When using the same
parameters between 2 checkpoint firewalls it works fine. I have also tried
3DES without any success.
The manual suggests that
these message mean "incompatible firewall". I have been told but
Checkpoint and Cisco that this should work.
Does anyone have any
ideas ? Has anyone successfully done it to these Cisco's ?
Thanks in advance.
David