# VPN between ZyWall and Checkpoint



## alex_ch (Jun 27, 2005)

Hi,

I must connect my ZyWall 35 to a CheckPoint. Currently, my ZyWall connects, but we can exchange data (no ping, no connection, nothing...)

In the log file, I've the following error :
[ID] : Rule [Name] Verifying Remote ID failed :
Recv ID: SINGLE, [xxx.xxx.xxx.xxx]
vs. My Remote [192.168.0.0]-[255.255.0.0]
(where xxx.xxx.xxx.xxx is the public address of the Checkpoint)

I've tried to change the Remote network parameters with the IP address. The log said me :
[ID] : Rule [Name] Verifying Remote ID failed :
Recv ID: SUBNET, [192.168.0.0]-[255.255.0.0]
vs. My Remote [xxx.xxx.xxx.xxx]-[xxx.xxx.xxx.xxx]

Do you have an idea ? Thanks for your help.


Alex




Main parameters of the ZyWall :
** Gateway **
IKE Proposal :
Negotiation mode : Main
Encryption algorithm : 3DES
Authentication algorithm : MD5
SA Life time : 28800
Key group : DH2

** Policy **
Local network : my subnet
Remote network : remote subnet
IPSec proposal :
Encapsulation mode : Tunnel
Active protocol : ESP
Encryption algorithm : 3DES
Authentication algorithm : MD5
SA Life time : 28800
Perfect forward secrecy : None


----------



## JamesO (Mar 30, 2005)

User name and password issue??

Don't know much about this gear.

What make and model do you have?

JamesO


----------



## alex_ch (Jun 27, 2005)

For my side, it's a Zyxel Zywall 35

For other side, it's a Nokia IP530 running Checkpoint NG AI R55


----------



## JamesO (Mar 30, 2005)

"Verifying Remote ID failed" appears to be something I would focus in on.

Again, verify user name and password. Maybe the problem is with the Nokia that it needs to be properly configured with User Name and Password to match your end?

JamesO


----------



## pseudoblue (Oct 25, 2005)

Hello, I configured a zywall35 with this problem and manage to solve it.. 
I had the same error message "verifying remote ID failed".

The problem was to configure the "Address Type" for the VPN rule (Local Network & Remote Network), make sure that the settings you configured either SUBNET, SINGLE or RANGE is the same with the remote network you are connecting.


----------

