Hi,

I've a problem to interconnect Racoon with my checkpoint office's.
I've enable the nat-t.
In the racoon log i don't have errors. In my checkpoint tracker too.

My configuration racoon.conf is :

#path certificate "/etc/racoon/cert";
path pre_shared_key "/etc/racoon/psk.txt";
#log notify;

timer {
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.
        # timer for waiting to complete each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote checkpoint_ip {
        exchange_mode main;
        passive off;
        lifetime time 1440 min; # sec,min,hour
        my_identifier user_fqdn "test";
        dpd_delay 0;
        nat_traversal on;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
                }
        proposal_check obey;
}


sainfo address 0.0.0.0/0 any address 10.255.253.0/24 any {
        #pfs_group 2;
        lifetime time 3600 sec;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}

In the log i've this :

2007-01-04 10:36:56: DEBUG: Adding NON-ESP marker
2007-01-04 10:36:56: DEBUG: 80 bytes from 172.20.3.38[4500] to checkpoint_ip[4500]
2007-01-04 10:36:56: DEBUG: sockname 172.20.3.38[4500]
2007-01-04 10:36:56: DEBUG: send packet from 172.20.3.38[4500]
2007-01-04 10:36:56: DEBUG: send packet to checkpoint_ip[4500]
2007-01-04 10:36:56: DEBUG: src4 172.20.3.38[4500]
2007-01-04 10:36:56: DEBUG: dst4 checkpoint_ip[4500]
2007-01-04 10:36:56: DEBUG: 1 times of 80 bytes message will be sent to checkpoint_ip[4500]
2007-01-04 10:36:56: DEBUG:
00000000 d5317715 d8204e20 d36f383c be695276 05100201 00000000 0000004c
574d5470 b7124a1b d3ec1a20 3c460ed6 dc8ec387 16c1d282 b01ecf5b 72ade24f
1ffaf9bc f5c8aba5 6dd06995 46567bbd
2007-01-04 10:36:56: DEBUG: resend phase1 packet d5317715d8204e20:d36f383cbe695276
2007-01-04 10:36:59: DEBUG: KA: 172.20.3.38[4500]->checkpoint_ip[4500]
2007-01-04 10:36:59: DEBUG: sockname 172.20.3.38[4500]
2007-01-04 10:36:59: DEBUG: send packet from 172.20.3.38[4500]
2007-01-04 10:36:59: DEBUG: send packet to checkpoint_ip[4500]
2007-01-04 10:36:59: DEBUG: src4 172.20.3.38[4500]
2007-01-04 10:36:59: DEBUG: dst4 checkpoint_ip[4500]
2007-01-04 10:36:59: DEBUG: 1 times of 1 bytes message will be sent to checkpoint_ip[4500]
2007-01-04 10:36:59: DEBUG:
ff
2007-01-04 10:37:16: ERROR: phase1 negotiation failed due to time up. d5317715d8204e20:d36f383cbe695276
2007-01-04 10:37:16: INFO: KA remove: 172.20.3.38[4500]->checkpoint_ip[4500]
2007-01-04 10:37:16: DEBUG: KA tree dump: 172.20.3.38[4500]->checkpoint_ip[4500] (in_use=1)
2007-01-04 10:37:16: DEBUG: KA removing this one...

My checkpoint listen on UDP 500 and 4500 on all interface.
Do you know if the problem if on my checkpoint office's or in my racoon configuration ?
Somebody already made function a raccon with a checkpoint NGX ?

Thanks by advance to you help.

Regards,
--
------------------------
SoukoussMan
SoukoussMan@gmail.com