Firewall-1

[FW-1] Different community ID, possible NAT problem (VPN Error code 02)

Subject: [FW-1] Different community ID, possible NAT problem (VPN Error code 02)
From: Kenny Jansson <kenson AT SENTOR DOT SE>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 23 Dec 2003 18:45:15 +0100
I'm experiencing some strange behaviour with a NG/AI R55 ClusterXL setup.

There is a Site-to-site VPN community with two participating gateways;
the cluster, and one externally managed gateway. Behind the externally
managed gateway there are clients on a 10.x.x.x network that are supposed
to have access to the management station behind the cluster gateway.

Almost all traffic flows nicely across this VPN tunnel:

10.x.x.x clients can ping the mgmt server, they can log on over
ssh and access the https interface on both the mgmt server and the
cluster nodes. However, traffic to the CPMI port is dropped by the
cluster gateway with the following explanation in the log:

Service: CPMI
Source: 10.x.x.225
Destination: mgmt-server (10.y.y.40)
Rule:
Information: encryption failure: Different community ID, possible NAT problem 
(VPN Error code 02)

Anyone got an idea on what might be the cause of this behaviour? I know it's not
a NAT-related problem because there are no NAT rules in place on either side of the tunnel.

Thanks,

/Kenny
--
Kenny Jansson                               kenson AT sentor DOT se
Sentor AB,  Orphei Drängars plats 1,  753 11 Uppsala, Sweden
phn: +46 (0) 18 65 30 01     |     gsm: +46 (0) 70 757 30 01

