Tunnel with Check Point is failing on Main Mode Packet-1

Hi Team,

I am trying to build a tunnel with a Check Point firewall and surprisingly this is failing on Phase 1 Packet 1. This is the error I am seeing in the VyOS error messages:

143.244.xxx.xxx is Vyos IP
And 59.185.xxx.xxx is Check Point IP

Dec 11 09:16:08 xxx-xxxx charon: 08[IKE] <1060> 59.185.xxx.xxx is initiating a Main Mode IKE_SA
Dec 11 09:16:08 xxx-xxxx charon: 08[CFG] <1060> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Dec 11 09:16:08 xxx-xxxx charon: 08[ENC] <1060> generating ID_PROT response 0 [ SA V V V ]
Dec 11 09:16:08 xxx-xxxx charon: 08[NET] <1060> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (144 bytes)
Dec 11 09:16:08 xxx-xxxx charon: 16[NET] <1060> received packet: from 59.185.xxx.xxx[500] to 143.244.xxx.xxx[500] (184 bytes)
Dec 11 09:16:08 xxx-xxxx charon: 16[ENC] <1060> parsed ID_PROT request 0 [ KE No ]
Dec 11 09:16:08 xxx-xxxx charon: 16[ENC] <1060> generating ID_PROT response 0 [ KE No ]
Dec 11 09:16:08 xxx-xxxx charon: 16[NET] <1060> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (196 bytes)
Dec 11 09:16:08 xxx-xxxx charon: 06[NET] <1060> received packet: from 59.185.xxx.xxx[500] to 143.244.xxx.xxx[500] (108 bytes)
Dec 11 09:16:08 xxx-xxxx charon: 06[ENC] <1060> invalid ID_V1 payload length, decryption failed?
Dec 11 09:16:08 xxx-xxxx charon: 06[ENC] <1060> could not decrypt payloads
Dec 11 09:16:08 xxx-xxxx charon: 06[IKE] <1060> message parsing failed
Dec 11 09:16:08 xxx-xxxx charon: 06[ENC] <1060> generating INFORMATIONAL_V1 request 1541042739 [ HASH N(PLD_MAL) ]
Dec 11 09:16:08 xxx-xxxx charon: 06[NET] <1060> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (92 bytes)
Dec 11 09:16:08 xxx-xxxx charon: 06[IKE] <1060> ID_PROT request with message ID 0 processing failed
Dec 11 09:16:10 xxx-xxxx charon: 11[NET] <1060> received packet: from 59.185.xxx.xxx[500] to 143.244.xxx.xxx[500] (108 bytes)
Dec 11 09:16:10 xxx-xxxx charon: 11[ENC] <1060> invalid ID_V1 payload length, decryption failed?
Dec 11 09:16:10 xxx-xxxx charon: 11[ENC] <1060> could not decrypt payloads
Dec 11 09:16:10 xxx-xxxx charon: 11[IKE] <1060> message parsing failed
Dec 11 09:16:10 xxx-xxxx charon: 11[ENC] <1060> generating INFORMATIONAL_V1 request 76096589 [ HASH N(PLD_MAL) ]
Dec 11 09:16:10 xxx-xxxx charon: 11[NET] <1060> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (92 bytes)
Dec 11 09:16:10 xxx-xxxx charon: 11[IKE] <1060> ID_PROT request with message ID 0 processing failed
Dec 11 09:16:10 xxx-xxxx charon: 09[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> giving up after 5 retransmits
Dec 11 09:16:10 xxx-xxxx charon: 09[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> peer not responding, trying again (359/0)
Dec 11 09:16:10 xxx-xxxx charon: 09[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> initiating Main Mode IKE_SA peer-59.185.xxx.xxx-tunnel-10[2] to 59.185.xx.xxx
Dec 11 09:16:10 xxx-xxxx charon: 09[ENC] <peer-59.185.xxx.xxx-tunnel-10|2> generating ID_PROT request 0 [ SA V V V V V ]
Dec 11 09:16:10 xxx-xxxx charon: 09[NET] <peer-59.185.xxx.xxx-tunnel-10|2> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (180 bytes)
Dec 11 09:16:10 xxx-xxxx charon: 07[NET] <peer-59.185.xxx.xxx-tunnel-10|2> received packet: from 59.185.xxx.xxx[500] to 143.244.xxx.xxx[500] (124 bytes)
Dec 11 09:16:10 xxx-xxxx charon: 07[ENC] <peer-59.185.xxx.xxx-tunnel-10|2> parsed ID_PROT response 0 [ SA V V ]
Dec 11 09:16:10 xxx-xxxx charon: 07[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> received FRAGMENTATION vendor ID
Dec 11 09:16:10 xxx-xxxx charon: 07[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> received NAT-T (RFC 3947) vendor ID
Dec 11 09:16:10 xxx-xxxx charon: 07[CFG] <peer-59.185.xxx.xxx-tunnel-10|2> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Dec 11 09:16:10 xxx-xxxx charon: 07[ENC] <peer-59.185.xxx.xxx-tunnel-10|2> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Dec 11 09:16:10 xxx-xxxx charon: 07[NET] <peer-59.185.xxx.xxx-tunnel-10|2> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (268 bytes)
Dec 11 09:16:10 xxx-xxxx charon: 05[NET] <peer-59.185.xxx.xxx-tunnel-10|2> received packet: from 59.185.xxx.xxx[500] to 143.244.xxx.xxx[500] (256 bytes)
Dec 11 09:16:10 xxx-xxxx charon: 05[ENC] <peer-59.185.xxx.xxx-tunnel-10|2> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Dec 11 09:16:10 xxx-xxxx charon: 05[ENC] <peer-59.185.xxx.xxx-tunnel-10|2> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Dec 11 09:16:10 xxx-xxxx charon: 05[NET] <peer-59.185.xxx.xxx-tunnel-10|2> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (108 bytes)
Dec 11 09:16:11 xxx-xxxx charon: 13[NET] <peer-59.185.xxx.xxx-tunnel-10|2> received packet: from 59.185.xxx.xxx[500] to 143.244.xxx.xxx[500] (40 bytes)
Dec 11 09:16:11 xxx-xxxx charon: 13[ENC] <peer-59.185.xxx.xxx-tunnel-10|2> parsed INFORMATIONAL_V1 request 1486988207 [ N(PLD_MAL) ]
Dec 11 09:16:11 xxx-xxxx charon: 13[ENC] <peer-59.185.xxx.xxx-tunnel-10|2> ignoring unprotected INFORMATIONAL from 59.185.xxx.xxx
Dec 11 09:16:11 xxx-xxxx charon: 13[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> message verification failed
Dec 11 09:16:11 xxx-xxxx charon: 13[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> ignore malformed INFORMATIONAL request
Dec 11 09:16:11 xxx-xxxx charon: 13[IKE] <peer-59.185.xxx.xxx-tunnel-10|2> INFORMATIONAL_V1 request with message ID 1486988207 processing failed

Could this be related to mismatch in PSK?

Dec 11 09:16:08 xxx-xxxx charon: 06[ENC] <1060> invalid ID_V1 payload length, decryption failed?
Dec 11 09:16:08 xxx-xxxx charon: 06[ENC] <1060> could not decrypt payloads
Dec 11 09:16:08 xxx-xxxx charon: 06[IKE] <1060> message parsing failed
Dec 11 09:16:08 xxx-xxxx charon: 06[ENC] <1060> generating INFORMATIONAL_V1 request 1541042739 [ HASH N(PLD_MAL) ]
Dec 11 09:16:08 xxx-xxxx charon: 06[NET] <1060> sending packet: from 143.244.xxx.xxx[500] to 59.185.xxx.xxx[500] (92 bytes)
Dec 11 09:16:08 xxx-xxxx charon: 06[IKE] <1060> ID_PROT request with message ID 0 processing failed
Dec 11 09:16:10 xxx-xxxx charon: 11[NET] <1060> received packet: from 59.185.xxx.xxx[500] to 143.244.xxx.xxx[500] (108 bytes)
Dec 11 09:16:10 xxx-xxxx charon: 11[ENC] <1060> invalid ID_V1 payload length, decryption failed?
Dec 11 09:16:10 xxx-xxxx charon: 11[ENC] <1060> could not decrypt payloads
Dec 11 09:16:10 xxx-xxxx charon: 11[IKE] <1060> message parsing failed

Most likely PSK mismatch.

Indeed it was :slight_smile: Plus Phase 2 was getting NATed at the other end and wrong prefixes were being exchanged. Plus I changed the mode to responder.
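As an added example (not code from this thread or from VyOS/strongSwan), the following Python helper reads charon log lines like the ones above and reports where Main Mode stopped and the likely cause: an undecryptable packet right after the KE/No exchange is message 5, the first message encrypted under keys derived from the PSK, which is why it points at a PSK mismatch. The log lines, SA identifiers and addresses in SAMPLE_LOG are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed charon log lines modelled on the thread (not the original post's data).
SAMPLE_LOG = """\
Dec 11 09:16:08 gw charon: 08[IKE] <1060> 198.51.100.7 is initiating a Main Mode IKE_SA
Dec 11 09:16:08 gw charon: 08[CFG] <1060> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Dec 11 09:16:08 gw charon: 08[ENC] <1060> generating ID_PROT response 0 [ SA V V V ]
Dec 11 09:16:08 gw charon: 16[ENC] <1060> parsed ID_PROT request 0 [ KE No ]
Dec 11 09:16:08 gw charon: 16[ENC] <1060> generating ID_PROT response 0 [ KE No ]
Dec 11 09:16:08 gw charon: 06[ENC] <1060> invalid ID_V1 payload length, decryption failed?
Dec 11 09:16:08 gw charon: 06[ENC] <1060> could not decrypt payloads
Dec 11 09:16:08 gw charon: 06[IKE] <1060> ID_PROT request with message ID 0 processing failed
Dec 11 09:16:10 gw charon: 09[IKE] <peer-a|2> giving up after 5 retransmits
Dec 11 09:16:10 gw charon: 09[IKE] <peer-a|2> peer not responding, trying again (359/0)
"""

LINE_RE = re.compile(r"charon: \d+\[(?P<grp>[A-Z]+)\] <(?P<sa>[^>]+)> (?P<msg>.*)$")
PAYLOADS_RE = re.compile(r"ID_PROT (?:request|response) \d+ \[ (?P<pl>[^\]]*) \]")

def _stage(payloads):
    """Map a Main Mode payload set to the message pair it belongs to."""
    if "SA" in payloads:
        return 1   # messages 1/2: proposal negotiation (SA, vendor IDs)
    if "KE" in payloads:
        return 3   # messages 3/4: DH public values, nonces, NAT-D
    if "ID" in payloads:
        return 5   # messages 5/6: identities, first encrypted messages
    return 0

def triage(log_text):
    """Return {ike_sa_id: verdict} describing where Main Mode stopped and why."""
    reached = defaultdict(int)
    verdict = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        sa, msg = m.group("sa"), m.group("msg")
        p = PAYLOADS_RE.search(msg)
        if p:
            reached[sa] = max(reached[sa], _stage(p.group("pl").split()))
        elif "no proposal found" in msg or "NO_PROPOSAL_CHOSEN" in msg:
            verdict[sa] = "phase1 proposal mismatch (check encryption/hash/DH group)"
        elif "could not decrypt payloads" in msg and reached[sa] == 3:
            # Messages 5/6 are encrypted with SKEYID_e, derived from the PSK and the
            # nonces, so a packet that will not decrypt here usually means wrong PSK.
            verdict[sa] = "message 5 undecryptable after KE/No: likely PSK mismatch"
        elif "giving up after" in msg and reached[sa] == 0:
            verdict[sa] = "no reply to message 1: peer unreachable or UDP/500 filtered"
    return dict(verdict)
```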
