I am experiencing a weird issue on a FortiGate 60, MR7. The company needs to establish IPSec tunnels with one of our major clients. The client has a Checkpoint 41 firewall. They had it set up so that we need a different tunnel for each subnet we need to get into (with the same gateway).
The first 2 tunnels were established without issues. Now the 3rd one, cloned from the ones that worked, although it is established without any issues, doesn't pass any kind of traffic.
Tech Details:
Phase1:
[ul]
Mode - Main (the client doesn't support Aggressive)
Authentication: Preshared key
Encryption: 3DES
Authentication: MD5
Keylife: 1800
XAuth: disable
[/ul]
Phase2:
[ul]
Encryption: 3DES
Authentication: MD5
Enable replay detection (but NO perfect forward secrecy - PFS)
[/ul]
The logs show everything fine, but once this 3rd tunnel is established, nothing goes through. tcpdump from my end shows that no reply is received. The Checkpoint shows:
encryption failure: no response from peer. scheme: IKE
Any ideas to get this thing working would be appreciated.