hahmet
New Contributor

FortiGate 5.2 to CheckPoint R75 VPN Problem

Hi,

We are using an FGT 1000C, 5.2.2 build642.

We are trying to set up an IPsec VPN to CheckPoint R75, but we get the IPsec Phase 2 error "no matching phase2 found".

We tried most config changes, but nothing changed.

 

2015-01-26 16:22:08 ike 0:REMOTRCHK:31321:3234: peer proposal is: peer:0:9x.1xx.1xx.2-9x.1xx.1xx.3:0, me:0:10.50.50.0-10.50.50.255:0

2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:REMOTEVPNCHK:3234: trying

2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: specified selectors mismatch

2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: peer: type=7/7, local=0:10.50.50.0-10.50.50.255:0, remote=0:9x.1xx.1xx.2-9x.1xx.1xx.3:0

2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: mine: type=7/7, local=0:10.50.50.0-10.50.50.255:0, remote=0:10.90.0.0-10.90.255.255:0

2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: no matching phase2 found

2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: failed to get responder proposal

2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321: error processing quick-mode message from 9x.1xx.1xx.2 as responder

jb_kalm
Contributor

Hi, it looks like your phase 2 selectors don't match on both ends. They need to exactly mirror each other.

For example:

Peer 1

Source: 192.168.1.0/24

Destination: 192.168.2.0/24

 

Peer 2

Source: 192.168.2.0/24

Destination: 192.168.1.0/24

 

jb
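As an added example that is not part of the original thread: a short Python script that pulls the `peer:` and `mine:` selector lines out of IKE debug output in the format posted above and reports which side differs, converted to CIDR so it can be compared with the phase 2 configuration. The sample log is constructed from the post's lines with the redacted peer addresses replaced by documentation addresses (198.51.100.0/24), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format of the IKE debug lines in the post;
# the redacted peer addresses are replaced with documentation addresses.
SAMPLE_LOG = """\
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: specified selectors mismatch
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: peer: type=7/7, local=0:10.50.50.0-10.50.50.255:0, remote=0:198.51.100.2-198.51.100.3:0
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: mine: type=7/7, local=0:10.50.50.0-10.50.50.255:0, remote=0:10.90.0.0-10.90.255.255:0
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: no matching phase2 found
"""

# Captures only the address ranges; the numeric fields around them are skipped.
SELECTOR_RE = re.compile(
    r"(?P<who>peer|mine): type=\S+ "
    r"local=\d+:(?P<local>[\d.]+-[\d.]+):\d+, "
    r"remote=\d+:(?P<remote>[\d.]+-[\d.]+):\d+"
)

def to_networks(addr_range):
    """Convert 'first-last' into the CIDR blocks that cover it exactly."""
    first, last = (ipaddress.ip_address(a) for a in addr_range.split("-"))
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def parse_selectors(log_text):
    """Return {'peer': {...}, 'mine': {...}} from the selector lines in the log."""
    found = {}
    for m in SELECTOR_RE.finditer(log_text):
        found[m["who"]] = {side: to_networks(m[side]) for side in ("local", "remote")}
    return found

def diff_selectors(log_text):
    """List each side where the peer's proposal differs from the local phase 2."""
    sel = parse_selectors(log_text)
    if not {"peer", "mine"} <= sel.keys():
        raise ValueError("log has no peer/mine selector pair")
    return [
        (side, sel["peer"][side], sel["mine"][side])
        for side in ("local", "remote")
        if sel["peer"][side] != sel["mine"][side]
    ]

if __name__ == "__main__":
    for side, proposed, configured in diff_selectors(SAMPLE_LOG):
        print(f"{side}: peer proposed {proposed}, local phase 2 has {configured}")
```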
