Firewall-1

Re: [FW-1] Query: VPN between CP NG FP3 and Cisco 3000 concentrator

Subject: Re: [FW-1] Query: VPN between CP NG FP3 and Cisco 3000 concentrator
From: Leonardo Boulton <lboulton AT CYBERTECHPROJECTS DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 29 May 2003 07:59:56 -0400
Mohan,

I had the same problem and it took me a long time to find out what was
happening. I found that the VPN Concentrator drops packets that come
from networks that are not defined as part of its encryption domain or
vice versa. In other words, make sure that the entire encryption domain
of the VPN Concentrator is configured on the Check Point Objects, AND
that the exact Check Point Encryption Domain is configured on the VPN
Concentrator. Both domains must match exactly.

I also found problems with the source and destination objects that you
place on the rules of the Check Point Gateway.

Hope this helps,

L.

On Wed, 2003-05-28 at 23:56, Mohan Mysore wrote:
> Hi All
>    I am having issues setting up a VPN between a CP NG FP3 HF2 firewall
> running on a Nokia IP350 platform and a Cisco VPN concentrator 3000 series
> running v 3.65R.
> The issue being we are unable to successfully setup a tunnel between the 2
> devices for
> IKE 3DES MD5 encryption using pre-shared secrets.
> All that is displayed on the log is the initial Key exchange traffic for
> Phase 1 and no success with the Phase 2 if the key exchange is initiated
> from the CP end.  But if the exchange is from the Cisco end the Key exchange
> is successful and we can see some encrypt traffic on the CP end but the
> other end does not see any traffic coming in.  It is the same for the
> decrypt traffic coming from the Cisco to the CP. Any help is appreciated
> on the issues...
> Thanks
> Mohan Mysore
> Insure IT Services
> Tel Ph: 612-97017086 Fax: 612-9701 7501
> Mobile: 0409 073853
> Email: mohan.mysore AT qbe DOT com
> Web: www.qbe.com
>
>
>
> ________________________________________________________________________
> IMPORTANT NOTICE : The information in this email is confidential and may also 
> be privileged. If you are not the intended recipient, any use or 
> dissemination of the information and any disclosure or copying of this email 
> is unauthorised and strictly prohibited. If you have received this email in 
> error, please promptly inform us by reply email or telephone. You should also 
> delete this email and destroy any hard copies produced.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

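Added example, not part of the original thread or either poster's configuration: one way to audit the "both domains must match exactly" requirement from the reply above is to export each gateway's encryption domain as entered on both devices and diff them as network sets. The function names and all sample networks below are constructed for illustration.

```python
import ipaddress

def parse_domain(cidrs):
    """Normalise CIDR strings (host bits tolerated) into a set of networks."""
    return {ipaddress.ip_network(c.strip(), strict=False) for c in cidrs}

def compare_domains(own_view, peer_view):
    """Compare one gateway's encryption domain as entered on both devices.

    own_view:  networks the gateway itself lists as its encryption domain
    peer_view: networks the other device lists for that same gateway
    """
    own, peer = parse_domain(own_view), parse_domain(peer_view)
    order = lambda n: (n.version, n)
    only_own = sorted(own - peer, key=order)
    only_peer = sorted(peer - own, key=order)
    # Same address space but different prefix length (a /16 on one side,
    # /24s on the other) still counts as a mismatch under "match exactly".
    partial = [(str(a), str(b)) for a in only_own for b in only_peer
               if a.version == b.version and a.overlaps(b)]
    return {
        "match": not only_own and not only_peer,
        "only_own": [str(n) for n in only_own],
        "only_peer": [str(n) for n in only_peer],
        "partial_overlap": partial,
    }

# Constructed sample data: each gateway's domain as entered on each device.
SAMPLE = {
    "checkpoint": {"own": ["192.168.10.0/24", "192.168.20.0/24"],
                   "peer": ["192.168.0.0/16"]},       # summarised on the peer
    "concentrator": {"own": ["10.50.0.0/16", "10.60.1.0/24"],
                     "peer": ["10.50.0.0/16"]},       # one network missing
}

def audit(sample=SAMPLE):
    """Return a per-gateway discrepancy report for both domains."""
    return {gw: compare_domains(v["own"], v["peer"]) for gw, v in sample.items()}

if __name__ == "__main__":
    for gw, result in audit().items():
        print(gw, result)
```

Any entry under `only_own`, `only_peer` or `partial_overlap` is a network that one device would encrypt for and the other would not recognise as part of the domain.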
