[FW1] FW-1 and SonicWall SOHO2 VPN - help needed

[Petar Karafezov <petar@FW1-NOSPAMmetamarkets.com>]

Hello all -

We've recently purchased SonicWall SOHO2 for one of our remote offices.
Everything on it runs great, but the VPN with our CheckPoint 4.1 SP4 fails.
We're trying the pre-shared secret IKE mode. We've upgraded the SonicWall to
firmware 6.0.1.1, but no luck.

The CheckPoint log viewer says: "IKE Log: Received notification from peer:
No proposal chosen". At the same time SonicWall tells me: "IKE Responder:
Begin Aggressive Mode Phase 1" and goes with this message on and on.

Yes, we've inserted a NAT rule on the CheckPoint site to prevent the traffic
that is to be encrypted from being Nat-ed at the same time.

We're set the rules on SonicWall to accept fragmented IPSEC packets and
followed step by step the document on the SonicWall site that describes the
VPN setup for CheckPoint, but no luck. SonicWall support wasn't really
helpful with this issue, so I am wondering in anyone on the list has had
this problem solved.

One thing that might be the real problem here is the fact that our SonicWall
obtains it's WAN IP via DHCP. The other thing I noticed is once you enable
the VPN, the admin gui automatically inserts a rule in the Access List of
SonicWall that reads like this:

Accept IKE from * to 192.168.1.1(*)  - where 192.168.1.1 is the LAN
interface of the SonicWall. This really looks strange, as I'd expect too
there the WAN IP, and not the LAN one. But again, that might be because that
WAN IP is obtained via DHCP. 

Any suggestions ??

Regards,
Petar Karafezov

MetaMarkets.com-------------------------------------------
Investing Out Loud at
http://www.metamarkets.com
-------------------------------------------


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================