Hi all, we have a SmartCenter R55 HFA02 with IPSO Module R55 HFA02. And we have several sites with VPN1-Edge X32 boxes, all with Firmware release 4.0.80x.
The SmartCenter is mapped with Static NAT to the outside of the Module, so it can be reached from the Edge boxes via the Internet. Some of these boxes have Bootcode 22 and some others have Bootcode 25. These newer boxes with Bootcode 25 differ in their behaviour from the older ones with Bootcode 22.

With Bootcode 22, when we establish a connection to the SmartCenter, a second VPN Site Profile with the name ENTERPRISE Site to Site VPN (Unrestricted Access) is created besides our already established Site-to-Site VPN Tunnel. Both Profiles are enabled. Everything is working. Once you reboot (cold start) the Edge box, the ENTERPRISE Tunnel Profile disappears and everything is working as expected. Site-to-Site Tunnel up and functional. Service Center Connection to SmartCenter connected.

With Bootcode 25, basically the same second VPN Site Profile ENTERPRISE gets created, but once this Site Profile is created, the Main VPN Site-to-Site Tunnel fails. You have to disable the second profile to get the Main Tunnel up again. Even though the ENTERPRISE Tunnel is disabled now, the SmartCenter stays connected. After a reboot (cold start) of the Edge box, the ENTERPRISE Tunnel Profile does not disappear. It is still visible in the management interface of the Edge box. Main Tunnel is up and Service Center (SmartCenter) is connected. But if you try to enable the ENTERPRISE Tunnel Profile now, the main Tunnel fails immediately.

I cannot find anything about that ENTERPRISE VPN Site Profile. Nothing is mentioned in the docs about such a site profile even being created. Nor is there any information about what role it plays in the Service Center Connection. Further, I couldn't find any information about the changes that were made between Bootcode 22 and Bootcode 25 to get at least a hint of what may be the reason for this inconsistent behaviour.

Does anyone have an idea what may be the reason for this, or how the SmartCenter Connection should really look in the Edge Box Management Interface?
Thanks
Peter Weyrosta
