Hi
I've got a problem establishing a tunnel between a Linux box and a Checkpoint
Firewall.
Behind the Checkpoint Firewall several clients are located in one subnet. We
grouped them together in one group. Behind the Linux Firewall with FreeSWAN
there are two servers with the addresses x.x.x.127 and x.x.x.121.
First the tunnel was defined only for the first server and everything was OK.
But then we added the second server as destination to the tunnel. The
encryption domain behind the Linux Firewall is a group of the two servers.
Now a ping to the first server works, but not to the second. The error message
is: "encryption fail reason: Packet is dropped because
there is no valid SA - please refer to solution sk 19423 in Secure
Knowledge Database"
Then we tried the following:
- we defined the complete subnet x.x.x.0/24 as the encryption domain for the
Linux firewall
- or we unchecked "Support subnets"
but nothing helped.
The Linux side (ipsec whack --status) says the tunnel is established.
Is there any Checkpoint command similar to "ipsec whack" to dump the status of
the connections? Any further help?
Thanks.