Is this Edge in the same community as the ones that are working?
By "Service Center" I assume you mean "SmartCenter" and not a real SofaWare
Service Center?
Are you accepting all encrypted traffic via the check box or do you have a
manual VPN rule set up? If the latter, do you have both the R55 gateway and
the Edge box in Source and Destination?
Is the Edge managed by SmartCenter or did you do a manual shared secret
thing? If SmartCenter, what HFA are you on? There were a lot of Edge-related
fixes around HFA07.
The only time I had this one-way VPN issue was on an early firmware (like a
year ago almost) and once when I had the NAT settings messed up.
Ray

From: "Stephen W. Stewart" <stewart.sw AT TKDA DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] VPN-1 Edge X Setup
Date: Wed, 16 Feb 2005 14:32:28 -0600
Another piece of the puzzle to think about.
When trying to connect to a Service Center my FW-1 log shows the
following message:
message_info: Implied rule encryption failure: Different community ID,
possible NAT problem (VPN Error code 02)
Steve

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
Sent: Wednesday, February 16, 2005 10:12 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] VPN-1 Edge X Setup
Check out 5.0.50. It fixed a bunch of VPN problems in 5.0.43 including a
memory leak that made me have to reboot mine every few days.
Ray

>From: Russell Aspinwall <russell.aspinwall AT FLOMERICS.CO DOT UK>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] VPN-1 Edge X Setup
>Date: Wed, 16 Feb 2005 14:15:15 +0000
>
>Hi,
>
>I have used a variety of firmware versions on the Edge and found
>v5.0.43x a vast improvement since v4.0.93x and many in between. Site to
>Site VPNs offer a significantly better level of performance and
>reliability, primarily NGAI R55 to Edge, Edge to Edge VPNs have not
>been a problem.
>
>Stephen W. Stewart wrote:
>>Hi All,
>>
>>Trying to set up an Edge X box for a remote office in Site to Site
>>mode.
>>I currently have 2 other sites that are working just fine. The only
>>difference with the new X is that it will have a static IP and the two
>>that are working are using DHCP.
>>
>>I can create the site and then look in the reports section at the VPN
>>Tunnels section and nothing shows up. If I ping the internal IP of
>>the X box a tunnel is established and the X box replies. I cannot
>>ping the other way into the "home" network behind the FW-1.
>>
>>The established tunnel shows IKE (Phase 1): 3DES/SHA1.
>>
>>Any ideas?
>>
>>Thanks
>>
>>
>>Stephen W. Stewart
>>
>>=================================================
>>To set vacation, Out-Of-Office, or away messages, send an email to
>>LISTSERV AT amadeus.us.checkpoint DOT com
>>in the BODY of the email add:
>>set fw-1-mailinglist nomail
>>=================================================
>>To unsubscribe from this mailing list, please see the instructions at
>>http://www.checkpoint.com/services/mailing.html
>>=================================================
>>If you have any questions on how to change your subscription options,
>>email fw-1-owner AT ts.checkpoint DOT com
>>=================================================
>>
>
>
>--
>Regards
>
>Russell
>