Firewall-1

Re: [FW-1] FP3 to R55: vpn woes

Subject: Re: [FW-1] FP3 to R55: vpn woes
From: Milon Papezik <mmp AT ACTINET DOT CZ>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 26 Feb 2004 00:43:21 +0100

On Monday 23 of February 2004 15:00, Joachim Bassmann wrote:
> Hi Stefan,
>
> --On Freitag, 20. Februar 2004 08:51 +0100 Stefan Wiederoder
> <Stefan.Wiederoder AT KAUFLAND DOT DE> wrote:
>
> > from FP3 to R55. The upgrade went well, but afterwards all our
> > site-to-site vpn-connections
> > dropped because of ".. no valid SA".
>
> Do you get any messages about the key exchange failing or succeeding?
>
> My guess would be that the key exchange fails and therefore you really
> don't have a valid SA.

A solution for me was to exclude IKE from the VPN definition.
Otherwise the FW tried to encrypt IKE packets.
Please note that it was on R54 HFA 405.

        mmp
