[FW-1] AW: [FW-1] Site-to-site VPN error

Subject:	[FW-1] AW: [FW-1] Site-to-site VPN error
From:	FWAdmin <FWAdmin AT WLW DOT DE>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 28 Apr 2004 09:18:00 +0200

Hi Mike,

try running 'vpn tunnelutil' on both firewalls and see if you have valid IKE
SA's and/or IPsec SA's.
Try deleting them with this util. They should be renewed as far as there is
traffic for this tunnel.
Try debugging vpn via 'vpn debug [on|ikeon]' which logs to vpnd.elg/ike.elg.
Remember to stop debugging via 'vpn debug [off|ikeoff]' ;-)
Have a close look on these logs, maybe you'll find your problem in there.

By the way:
Which OS on what maschine is running? We had the same error when running R55
on an Solaris 9 Multi-CPU Sun (which is not supported, what we found
afterwards :-( ).

Regards
Torsten Gödicke

-----Ursprüngliche Nachricht-----
Von: Mike Singleton [mailto:msingleton AT QUORUMREVIEW DOT COM]
Gesendet: Dienstag, 27. April 2004 22:35
An: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Betreff: [FW-1] Site-to-site VPN error


Any know how to further troubleshoot this, the IKE phase seems to go
through, then this error.

Number:         38800
Date:                   27Apr2004
Time:                   11:52:25
Product:        VPN-1 & FireWall-1
Interface:      eth2
Origin:                 firewall (xx.xxx.xxx.129)
Type:                   Log
Action:                 Drop
Service:        smtp (25)
Source:         mail2.domain.com (xxx.xxx.xxx.131)
Destination:    other_site_firewall (xxx.xxx.xxx.103)
Protocol:       tcp
Source Port:    65439
Information:    encryption fail reason: Packet is dropped because there
is no valid SA - please refer to solution sk19423 in SecureKnowledge
Database for more information

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] AW: [FW-1] Site-to-site VPN error, FWAdmin <= Re: [FW-1] AW: [FW-1] Site-to-site VPN error, Mike Singleton

Previous by Date:	Re: [FW-1] Hot fix accumulator Installation Docs, Morgane Salvador
Next by Date:	Re: [FW-1] Nokia/Checkpoint install help, MAINGUENE, Anthony
Previous by Thread:	[FW-1] Nokia SSL HTTPD problem, Dirk Udo
Next by Thread:	Re: [FW-1] AW: [FW-1] Site-to-site VPN error, Mike Singleton
Indexes:	[Date] [Thread] [Top] [All Lists]