From owner-freebsd-questions@FreeBSD.ORG  Fri May 16 02:38:42 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A7EB41065683
	for <freebsd-questions@freebsd.org>;
	Fri, 16 May 2008 02:38:42 +0000 (UTC)
	(envelope-from pkeusem@visi.com)
Received: from isis.visi.com (isis.visi.com [209.98.98.8])
	by mx1.freebsd.org (Postfix) with ESMTP id 863F68FC2C
	for <freebsd-questions@freebsd.org>;
	Fri, 16 May 2008 02:38:42 +0000 (UTC)
	(envelope-from pkeusem@visi.com)
Received: by isis.visi.com (Postfix, from userid 5168)
	id 20C6676D13; Thu, 15 May 2008 21:08:57 -0500 (CDT)
Date: Thu, 15 May 2008 21:08:56 -0500
From: Paul Keusemann <pkeusem@visi.com>
To: freebsd-questions@freebsd.org
Message-ID: <20080516020856.GA8959@isis.visi.com>
Mail-Followup-To: Paul Keusemann <pkeusem@visi.com>,
	freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.27i
Subject: Problem setting up racoon / Checkpoint VPN
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Paul Keusemann <pkeusem@visi.com>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 May 2008 02:38:42 -0000

Hi,

I'm trying to set up a VPN between my FreeBSD 6.3 machine and a
Checkpoint box.   I've currently got a VPN set up between the same
machine and another Checkpoint box and it's been working fine for
four years.  The new Checkpoint box is supposed to be set up identically
(expect for the obvious address changes) as the working system but
when I try to bring up the link, I'm getting an error during the phase
1 negotiation:

2008-05-15 08:38:15: DEBUG: 40 bytes message received from 207.xxx.xxx.xxx[500] t
o 12.202.208.28[500]
2008-05-15 08:38:15: DEBUG:
34f9867b 07e4ea13 00000000 00000000 0b100500 d2520e0f 00000028 0000000c
00000000 0100000e
2008-05-15 08:38:15: DEBUG: malformed cookie received or the initiator's cookies
 collide.

I'm assuming this is some sort of misconfiguration but nothing that
I've tried as made any difference.  I can post my side of the configuration
but right now, I'm just looking for someone who can tell me where to
start looking.
-- 
Paul Keusemann			                               pkeusem@visi.com
4266 Joppa Court		                               (952) 894-7805
Savage, MN  55378