On Thu, Apr 28, 2005 at 09:40:01AM +0200, Landolina Salvatore wrote:
> I had a similar problem with VPN between IP40 and R55. The trouble was
> that ESP packets outgoing from Check Point to Ip40 had a wrong SOURCE
> address. The source address of outgoing packets had the ip address of a
> INTERNAL interface and not the EXTERNAL as it should be normally.... Try
> to run tcpdump on the external interface and check ESP packets....
>
Always good advice. If that's not the problem, then using:
vpn debug trunc
On your R55 firewall is always useful (creates a file called something along
the lines of $FWDIR/log/vpnd.elg - which is plain text, but not plain
english :> Some knowledge of the IKE/IPsec protocols is very useful here).
Don't forget to:
vpn debug off
When you've done, or you'll be generating a real big logfile (over time).
Smaff
--
You happen to be here, now.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
