I am trying to create an IPSec tunnel between an MT router and a Checkpoint firewall. I have entered the following details in the MT router but the tunnel is not being initiated. Nothing is in the log file even though I have got both IPsec and IKE logging on. I have checked initiating the tunnel from a Netgear router and it works.

[admin@FTC MT] ip ipsec policy> print
Flags: X - disabled, D - dynamic, I - invalid
 0   src-address=10.220.0.0/24:any dst-address=10.221.0.0/23:any protocol=all
     action=encrypt level=require ipsec-protocols=esp tunnel=yes
     sa-src-address=x.x.x.15 sa-dst-address=x.x.x.137
     proposal=default manual-sa=none dont-fragment=clear

[admin@FTC MT] ip ipsec peer> print
Flags: X - disabled
 0   address=x.x.x.137/32:500 secret="*********" generate-policy=no
     exchange-mode=main send-initial-contact=yes proposal-check=obey
     hash-algorithm=sha1 enc-algorithm=des dh-group=modp768 lifetime=1d
     lifebytes=0