https://live.paloaltonetworks.com/t5/general-topics/vpn-between-palo-alto-and-check-point-firewall/m-p/307993#M79942 <P>Hello,</P><P>Double check your phase1 and 2 match.</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK</A></P><P>&nbsp;</P><P>And troubleshooting guide.</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC</A></P><P>&nbsp;</P><P>Cheers!</P> Sat, 25 Jan 2020 18:46:42 GMT OtakarKlier 2020-01-25T18:46:42Z https://live.paloaltonetworks.com/t5/general-topics/vpn-between-palo-alto-and-check-point-firewall/m-p/307979#M79939 <P>Hello,</P><P>I am trying to establish a successful VPN connection between my Palo Alto firewall and a Check Point firewall. The VPN tunnel on the Palo Alto side shows all green for phase 1 and 2, however on the Check Point side I keep getting a failure per the log "IKE failure no response from peer".</P><P>In the "Monitor" &gt; "System" log of the Palo Alto the message I am seeing is "ike-nego-p2-proxy-id-bad" "IKE phase-2 negotiation failed when processing proxy ID. cannot find matching phase-2 tunnel for received proxy ID. received local ID 10.30.30.0/24 type IPv_4_subnet protocol 0 port 0, received remote id: 10.10.10.0/24 type IPv4_subnet protocol 0 port 0.</P><P>On the Check Point side the local network is the 10.10.10.0/24. I am using a "encryption domain" on the Check Point.</P><P>I do not have any Proxy ID's configured on the Palo Alto side. I am under the impression that routing the traffic for destination 10.10.10.0/24 to the tunnel interface as a static route is all that is needed to identify the remote private network.</P><P>On the Palo Alto for the IKE crypto profile I am using Suite-B-GCM-128, and IPSec Crypto Profile Suite-B-GCM-128.</P><P>&nbsp;</P><P>I have tried a proxy ID on the palo alto side with local being 10.30.30.0/24 (the local Palo Alto private network) and remote 10.10.10.0/24 (the Check Point side private network) and that brought the tunnel on the Palo Alto side down.&nbsp; After this I only have a green light for IKE Info under status of the IPsec Tunnels area.</P> Sat, 25 Jan 2020 15:55:17 GMT https://live.paloaltonetworks.com/t5/general-topics/vpn-between-palo-alto-and-check-point-firewall/m-p/307979#M79939 mjensen40400 2020-01-25T15:55:17Z https://live.paloaltonetworks.com/t5/general-topics/vpn-between-palo-alto-and-check-point-firewall/m-p/307985#M79940 <P>After removing the proxy ID on the Palo Alto side I now receive:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="palo.PNG" style="width: 273px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23623i3198B2B2D8DFEBFC/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="palo.PNG" alt="palo.PNG" /></span></P><P>&nbsp;</P><P>Any help on this will be greatly appreciated!</P> Sat, 25 Jan 2020 16:11:41 GMT https://live.paloaltonetworks.com/t5/general-topics/vpn-between-palo-alto-and-check-point-firewall/m-p/307985#M79940 mjensen40400 2020-01-25T16:11:41Z https://live.paloaltonetworks.com/t5/general-topics/vpn-between-palo-alto-and-check-point-firewall/m-p/307993#M79942 <P>Hello,</P><P>Double check your phase1 and 2 match.</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGkCAK</A></P><P>&nbsp;</P><P>And troubleshooting guide.</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC</A></P><P>&nbsp;</P><P>Cheers!</P> Sat, 25 Jan 2020 18:46:42 GMT https://live.paloaltonetworks.com/t5/general-topics/vpn-between-palo-alto-and-check-point-firewall/m-p/307993#M79942 OtakarKlier 2020-01-25T18:46:42Z