[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG FP4 VPN does not work bi-directionally
(Please note, I haven't had hands-on Checkpoint for some time, but have been studying it and also just finished studying a comprehensive guid to IPSec.) I would recreate the tunnel and resync the encryption keys. Brendan Laws <[email protected]> wrote: Hi people, I have been looking at this for a while now and I can't see anything out of the obvious. I had a FP3 install that had a VPN running between a Nokia+FP3 and a little Linksys router, it worked fine for many months. I have recently upgraded to FP4 and since then the VPN tunnel only works when the Linksys contacts my internal networks, I can not contact the internal network behind the Linksys router now that I have upgraded to FP4. Looking at the log viewer I can see that if I pass of a connection it matches the vpn community rule but then I see in the logs a reject under rule 0 with "encryption failure: error occurred" then directly after that message comes the log Mypc --> pc-behind-linksys DROP --> Packet is drop because there is now valid SA. Now if the PC behind the Linksys can bring up the tunnel with no problems, I can't see anything obvious that should be stopping my pc from bringing uo the tunnel. Added to that it all worked in FP3 its only died since the upgrade to FP4. Can anyone recommend anything out of the ordinary to review? Cheers, Brendan ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Christopher J. Dias - CCSA, CCSE (Checkpoint), MCP + I,MCSE, (Microsoft), CCNA, CCNP (Cisco). CSE (Novell) Cím:1121 Budapest Fülemile út 12-18 4.ép.3/11. Telefon: 36 1 275-4008 Mobil:06-20/803 9687 [email protected] --------------------------------- Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|