Re: [FW-1] urgent problem with FP3 VPNs

To: [email protected]

Subject: Re: [FW-1] urgent problem with FP3 VPNs

From: "Gupta, Alok Mohan (Samtech)" <[email protected]>

Date: Fri, 20 Dec 2002 17:55:04 +0530

Comments: cc: [email protected]

Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>

Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Thread-Index: AcKoG+FC3IJemGuiR8OBc9znwJcbCQABoxpw

Thread-Topic: urgent problem with FP3 VPNs

Hi Oral,

Put the following rules on top of the Encrypt Rules:

Rule1:

Source= Local Firewall Object

Destination= Remote Firewall Object

Service=IKE(UDP) and ESP

Action=accept

Install On=Local Firewall Object

Rule2:

Source= Remote Firewall Object

Destination= Local Firewall Object

Service=IKE(UDP) and ESP

Action=accept

Install On=Local Firewall Object

That's it.

Hope this will help.

Regards,

Alok Mohan Gupta

-----Original Message-----
From: Oral Mohan [mailto:[email protected]]
Sent: Friday, December 20, 2002 5:06 PM
To: [email protected]
Subject: [FW-1] urgent problem with FP3 VPNs

Gurus,

I’m currently dealing with a very urgent situation where we’ve deployed over 50 sites with Check Point NG FP3/Nokia IPSO 3.6 that interconnect with VPNs using 3DES IKE and VPN Communities (Star config). Yesterday morning, VPNs started “mysteriously” going down. Spoke Firewalls keep logging “Invalid SA” and (even after re-installing the software), won’t even ATTEMPT to do a key exchange. We’ve engaged CP support and escalated, but any assistance to be had would be appreciated at this point.

Regards,

Oral Mohan