3

I am not able to get an S2S connection between my central office (Checkpoint R65) and my remote office (Cisco ASA 5505). Currently in the testing phase, the Cisco box is also at my office, but connected to my DSL.

I have created the tunnel, but it keeps telling me on the Cisco box "Missing header, SA overload". Can anyone help?

This is what I used as reference:

http://netl33ts.blogspot.com/2009/02/checkpoint-to-cisco-asa-vpn-example.html

Thanks, A D

Kevin Kuphal
  • 9,194
uhsa
  • 31

3 Answers

2

On the ASA, run "debug cry ipsec" and "debug cry isakmp". You might want to set up your console to log to a txt file, or set up syslog. It's easier to grep for info then.

Next, on the Checkpoint, look at Tracker for errors. You can get a copy of IKEView (ask your Checkpoint partner, or if you have access to the site, you can download it). The tool is a bit complicated, but is one of the ways to debug a Checkpoint VPN problem.

Is your Checkpoint in a cluster? Nokia's VRRP has problems with the phase one IP, so try breaking your cluster, and running solo (if you can at night for example).

BTW, I could not find any error called "Missing header, SA overload." Can you send the error code number, or paste the entire line?

1

Could you provide more information (like the settings used on both sides)? Is this error coming during phase 1 or phase 2? I would recommend turning on debugging on the ASA to get more information regarding the error.

radius
  • 9,701
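The two answers above suggest saving the ASA output to a text file and working out whether the failure is in phase 1 or phase 2. The following is an added example, not part of either answer: it reads saved ASA output and reports, per peer, the last IKE phase that completed. It assumes the ASA logs the strings "PHASE 1 COMPLETED" and "PHASE 2 COMPLETED" with an "IP = <peer>" field; the function names and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saved ASA IKE output by the last phase that completed.

# Constructed sample of saved ASA output (not taken from the thread).
sample_log() {
cat <<'EOF'
%ASA-5-713119: Group = 192.0.2.10, IP = 192.0.2.10, PHASE 1 COMPLETED
%ASA-5-713904: Group = 192.0.2.10, IP = 192.0.2.10, All IPSec SA proposals found unacceptable!
%ASA-3-713902: Group = 192.0.2.10, IP = 192.0.2.10, QM FSM error (P2 struct &0xd5a1c8a8, mess id 0x4e3b2f10)!
%ASA-4-713903: IP = 198.51.100.7, Information Exchange processing failed
%ASA-5-713119: Group = 203.0.113.5, IP = 203.0.113.5, PHASE 1 COMPLETED
%ASA-5-713120: Group = 203.0.113.5, IP = 203.0.113.5, PHASE 2 COMPLETED (msgid=1a2b3c4d)
EOF
}

# Usage: ike_phase_summary saved.txt   (or pipe the log on stdin)
# Prints one line per peer: "<peer-ip> <verdict>".
ike_phase_summary() {
    awk '
    # Only lines that carry a peer address are considered.
    match($0, /IP = [0-9.]+/) {
        peer = substr($0, RSTART + 5, RLENGTH - 5)   # skip the "IP = " prefix
        seen[peer] = 1
        if ($0 ~ /PHASE 1 COMPLETED/) p1[peer] = 1
        if ($0 ~ /PHASE 2 COMPLETED/) p2[peer] = 1
    }
    END {
        for (peer in seen) {
            if (p2[peer])      verdict = "tunnel-up"
            else if (p1[peer]) verdict = "stalls-in-phase2"   # IKE SA up, IPsec SA not
            else               verdict = "stalls-in-phase1"   # IKE SA never established
            print peer, verdict
        }
    }' "$@" | sort
}

# Run against the constructed sample when executed directly.
sample_log | ike_phase_summary
```

A peer that stalls in phase 1 points at the IKE policy, pre-shared key or reachability; one that stalls in phase 2 points at the transform set or the encryption domain (crypto ACL) on either side.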
0

Add the command "crypto map mymap 30 set nat-t-disable".