
VPN Phase 1 fails – Checkpoint to Cisco

May 12th, 2008 by devnull | Filed under Uncategorized, firewalls.

I recently encountered a problem setting up a VPN tunnel between a Cisco router and a Checkpoint firewall.

From the firewall side, I could see an IKE packet going out, and nothing coming back.

On the router side, there was a reply to the IKE packet, but an error was logged:

“Duplicate Phase 1 packet detected.  Retransmitting lastpacket.”

Now this error should appear if the reply is discarded on the firewall side and the firewall tries to resend the initial IKE packet.

Nothing indicated it in the firewall log.

What solved it was enabling Aggressive Mode on the firewall side.

I didn't have the time to go over and see why this helped, but it did the trick, so I moved on.

Another thing, more as a reminder for myself: the command for tunnel handling on Checkpoint is “vpn tu”. There you can see all the tunnels and delete them.

If you know what caused this, please share :D

Update – here is why


One Response to “VPN Phase 1 fails – Checkpoint to Cisco”

  1. VPN Phase 1 fails - Checkpoint to Cisco - Update | 22/05/09

    [...] VPN Phase 1 fails – Checkpoint to Cisco – Update May 22nd, 2009 by devnull | Filed under Uncategorized. A while back I wrote a post about a problem setting up a VPN tunnel between a Cisco router and a Checkpoint firewall. When I tried to open the tunnel, the following error showed up in the log files: “Duplicate Phase 1 packet detected.  Retransmitting lastpacket.” Back then I didn't have the time to research the problem, so I still owe you an explanation: By default, main mode is selected for Phase 1 IKE in the Checkpoint configuration. The router I was trying to connect with was configured with aggressive mode. So what was the problem? The two modes operate differently – main mode uses 6 packets in IKE Phase 1 and aggressive mode uses only 3. Aggressive mode identity packets are sent in clear text. This means one can sniff the identity traffic. Main mode first allows the encryption of the identity packets, and only then sends them. While aggressive mode is faster, as it requires fewer resources, main mode is considered more secure. [...]
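The main/aggressive difference the update describes is visible in the ISAKMP header of the very first IKE packet. The following is an added example, not code from the post or its author: it parses the header and payload chain of constructed IKEv1 messages and flags an ID payload that travels without the encryption flag, which is the identity exposure aggressive mode introduces. Exchange type, payload type and flag values are the RFC 2408 numbers; the sample packets are built in the block and are not real captures.

```python
import struct

# ISAKMP (IKEv1) constants from RFC 2408: main mode is exchange type 2
# ("Identity Protection"), aggressive mode is exchange type 4.
EXCHANGE_TYPES = {2: "Main", 4: "Aggressive"}
PAYLOAD_NAMES = {1: "SA", 4: "KE", 5: "ID", 10: "NONCE", 13: "VID"}
FLAG_ENCRYPTED = 0x01   # header flag bit: everything after the header is ciphertext
HEADER_LEN = 28         # 8B iSPI, 8B rSPI, next, version, exchange, flags, msgid, length


def build_isakmp(exchange_type, payload_types, flags=0):
    """Construct a synthetic ISAKMP message with dummy payload bodies (test data)."""
    body = b""
    for i, ptype in enumerate(payload_types):
        nxt = payload_types[i + 1] if i + 1 < len(payload_types) else 0
        data = b"\x00" * 4                      # placeholder payload contents
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    first = payload_types[0] if payload_types else 0
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, first, 0x10,
                      exchange_type, flags, 0, HEADER_LEN + len(body))
    return hdr + body


def parse_isakmp(pkt):
    """Return the exchange mode, the payload chain, and whether an ID payload is in clear."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("truncated ISAKMP header")
    _, _, nxt, _, exch, flags, _, length = struct.unpack("!8s8sBBBBII", pkt[:HEADER_LEN])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    payloads, off = [], HEADER_LEN
    # An encrypted message carries ciphertext, so its payload chain cannot be walked.
    while nxt != 0 and not flags & FLAG_ENCRYPTED:
        if off + 4 > len(pkt):
            raise ValueError("truncated payload header")
        nxt_next, _, plen = struct.unpack("!BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > len(pkt):
            raise ValueError("bad payload length")
        payloads.append(PAYLOAD_NAMES.get(nxt, f"type{nxt}"))
        nxt, off = nxt_next, off + plen
    return {
        "exchange": EXCHANGE_TYPES.get(exch, f"type{exch}"),
        "payloads": payloads,
        "identity_in_clear": "ID" in payloads and not flags & FLAG_ENCRYPTED,
    }


# Constructed samples: aggressive mode puts SA, KE, NONCE and ID in message 1;
# main mode message 1 carries only the SA, and ID arrives later encrypted.
AGGRESSIVE_MSG1 = build_isakmp(4, [1, 4, 10, 5])
MAIN_MSG1 = build_isakmp(2, [1])
```

Run over the UDP/500 payload of a captured packet, the parser tells you which mode a peer is proposing and whether its identity went out unprotected.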
