All, I found an error in the logs! This is it:
Number: 5801 Date: 17Mar2004 Time: 20:43:45 Product: VPN-1 & FireWall-1 Interface: eth1 Origin: fw-1 (x.x.x.x) Type: Log Action: Drop Service: CPMI (18190) Source: damnd_home (192.168.x.x) Destination: chqfw01 (192.168.x.x) Protocol: tcp Source Port: 3718 Encryption Scheme: IKE VPN Peer Gateway: befvp41 (x.x.x.x) Encryption Methods: ESP: 3DES + SHA1 + PFS Information: encryption failure: Different community ID, possible NAT problem (VPN Error code 02) I tried excluding CPMI in the tunnel but I still get this error. thanks Chris -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Covington, Chris Sent: Wednesday, March 17, 2004 10:22 PM To: [EMAIL PROTECTED] Subject: [FW-1] Simplified Mode remote GUI Client Hi all, I decided to convert 2 of my SecurePlatform R55s to Simplified Mode policies just to see what would happen. The only problem is that now it's impossible to connect over a VPN with the GUI Client to the boxes, though I can ping and ssh to the SecurePlatform boxes fine from the same machines. On a LAN the GUI Client connects fine. The Simplified Mode GUI Client error is: "Connection cannot be initiated. Please make sure that the Server 'X.X.X.X' is up and running and that you are defined as a GUI Client." Needless to say, I am defined as GUI Client and the GUI Client connection works fine when I reinstall the traditional policy. The problem happens connecting from all different sorts of VPN devices. The Simplified VPNs all work fine otherwise (I'm using Star Communities). They are set to Accept all Encrypted traffic and to Disable NAT inside the VPN community, with VPN routing set to center only. Has anyone seen this before? Chris ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
