On Sat, 25 Nov 2006, Brandon Liew wrote:
> i am having a strange problem.with IP390 firewall running on NGX61.
> I had set a vpn site to site connection to a netscreen firewall.
> The error i got it from my smart view tracker - encryption fail reason:
> Packet is dropped because there is no valid SA
> >From the Smart View Tracker i am able to see the tunnel established. From
> my vendor network they able to telnet/ping to the segment permited on my
> internal IP
> But from my site i am not able to do ping/telnet/ftp and the traffic drop by
> my cluster firewall with error " The error i got it from my smart view
> tracker - encryption fail reason: Packet is dropped because there is no
> valid SA "
There is a load of knowledgebase articles on this subject. This may occur
if your timing settings do not match on either end or your encryption
domains do not match properly to name just a few of the known issues.
(With so many variables there are plenty of things you might overlook.)
Hugo.
--
hvdkooij AT vanderkooij DOT org http://hvdkooij.xs4all.nl/
This message is using 100% recycled electrons.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
