[FW-1] NG FP2 to SofaWare VPN

["Steven J. Surdock, PE" <ssurdock@FW1-NOSPAMENGINEERED-NET.COM>]

I recently set up a site-to-site VPN between our Linux NG FP2 and a SofaWare
Safe@Office (3.0) but am experiencing some problems.  It is set-up pretty
much as indicated in the SofaWare VPN config guide.  We're using shared
secrets with

Traffic/connections from SofaWare site --> NG site - appears to work well.
Traffic/connections from NG site --> SofaWare site - occasionally drop with
the following error:

16:14:18 drop   127.0.0.1  >eth1 product VPN-1 & FireWall-1 src 172.16.1.97
s_port 4046 dst 172.17.1.95 service ftp proto tcp rule 3 scheme: NA
encryption failure: Encryption/Decryption Failure

Sometimes the ftp will work, and sometime it won't.

The FW-1 LogViewer simply lists the "info" portion as, "encryption failure:
Encryption/Decryption Failure"

"Vpn debug on" and "vpn diag on" did not provide much insight.

FW-1 side has policy rules

Remote_net     Local_net    Any     Encrypt(3DES, SHA, None, Any)
Local_net      Remote_net   Any     Encrypt(3DES, SHA, None, Any)

FW-1 side has nat rules

Remote_net     Local_net    Any     Original   Original
Local_net      Remote_net   Any     Original   Original
Local_net      Local_net    Any     Original   Original
Local_net      Any          Any     Hide       Original



-Steve S.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV@lists.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================