Hi,

We just converted the VPN configuration of our firewalls to simplified mode. When I install a policy on the firewall cluster, the VPN connections stop working and I get the following error in the log:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Number: 3000
Date: 4May2004
Time: 9:41:13
Product: VPN-1 & FireWall-1
Interface: daemon
Origin: localvpn (x.x.x.x)
Type: Log
Action: Reject
Reject Reason: IKE failure
Protocol: ip
Rule: 0 - Implied Rules
Encryption Scheme: IKE
VPN Peer Gateway: remote-vpn (x.x.x.x)
Information: encryption failure: no response from peer.

and a little later:

Number: 3200
Date: 4May2004
Time: 9:41:37
Product: VPN-1 & FireWall-1
Interface: eth3c0
Origin: localvpn (x.x.x.x)
Type: Log
Action: Drop
Service: ISAKMP (500)
Source: localvpn (x.x.x.x)
Destination: remote-vpn (x.x.x.x)
Protocol: udp
Rule: 10
Source Port: ISAKMP (500)
Destination Key ID: 0x00000000
Encryption Scheme: IKE
VPN Peer Gateway: remote-vpn (x.x.x.x)
Encryption Methods: ESP: AES-256 + SHA1
Community: Community-Name
Information: encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

If I reboot the firewalls, the VPN connection is reestablished and I am able to reach the other side again! (I looked in sk19423, but I did not find any good clues there.)

We are running a pair of Nokia IP350 in a VRRP cluster, using NG AI R55 HFA-03 on IPSO 3.7 Build 36. We did not have this problem when using traditional mode VPN.

Any help would be very much appreciated!

Regards,
Harald
