Hi Mike,

try running 'vpn tunnelutil' on both firewalls and see if you have valid IKE SAs and/or IPsec SAs. Try deleting them with this util. They should be renewed as long as there is traffic for this tunnel.

Try debugging vpn via 'vpn debug [on|ikeon]', which logs to vpnd.elg/ike.elg. Remember to stop debugging via 'vpn debug [off|ikeoff]' ;-) Have a close look at these logs, maybe you'll find your problem in there.

By the way: Which OS is running, and on what machine? We had the same error when running R55 on a Solaris 9 Multi-CPU Sun (which is not supported, as we found out afterwards :-( ).

Regards
Torsten Gödicke

-----Original Message-----
From: Mike Singleton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 27 April 2004 22:35
To: [EMAIL PROTECTED]
Subject: [FW-1] Site-to-site VPN error

Anyone know how to further troubleshoot this? The IKE phase seems to go through, then this error.

Number: 38800
Date: 27Apr2004
Time: 11:52:25
Product: VPN-1 & FireWall-1
Interface: eth2
Origin: firewall (xx.xxx.xxx.129)
Type: Log
Action: Drop
Service: smtp (25)
Source: mail2.domain.com (xxx.xxx.xxx.131)
Destination: other_site_firewall (xxx.xxx.xxx.103)
Protocol: tcp
Source Port: 65439
Information: encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
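
Added example, not part of either poster's message: a small Python triage script that parses log records in the "Label: value" form quoted in the thread and counts "no valid SA" drops per gateway and destination, to show which tunnel's SAs to inspect first. The field labels come from the quoted record; the function names, the one-record-per-string input and the second sample record are assumptions made for this example.

```python
import re
from collections import Counter

# Field labels exactly as they appear in the log record quoted in the thread.
FIELDS = ["Number", "Date", "Time", "Product", "Interface", "Origin", "Type",
          "Action", "Service", "Source Port", "Source", "Destination",
          "Protocol", "Information"]
_LABEL = re.compile(r"\b(" + "|".join(map(re.escape, FIELDS)) + r"):\s*")

def parse_record(text):
    """Split one flattened 'Label: value Label: value ...' record into a dict."""
    parts = _LABEL.split(text.strip())  # [preamble, label, value, label, value, ...]
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def is_no_valid_sa_drop(rec):
    """True for a dropped packet whose Information field reports a missing SA."""
    return (rec.get("Action", "").lower() == "drop"
            and "no valid sa" in rec.get("Information", "").lower())

def drops_by_tunnel(records):
    """Count 'no valid SA' drops per (Origin, Destination) pair."""
    counts = Counter()
    for text in records:
        rec = parse_record(text)
        if is_no_valid_sa_drop(rec):
            counts[(rec.get("Origin"), rec.get("Destination"))] += 1
    return counts

# Record from the thread (addresses masked as posted).
THREAD_RECORD = (
    "Number: 38800 Date: 27Apr2004 Time: 11:52:25 Product: VPN-1 & FireWall-1 "
    "Interface: eth2 Origin: firewall (xx.xxx.xxx.129) Type: Log Action: Drop "
    "Service: smtp (25) Source: mail2.domain.com (xxx.xxx.xxx.131) "
    "Destination: other_site_firewall (xxx.xxx.xxx.103) Protocol: tcp "
    "Source Port: 65439 Information: encryption fail reason: Packet is dropped "
    "because there is no valid SA - please refer to solution sk19423 in "
    "SecureKnowledge Database for more information")
# Constructed record: an accepted connection that must not be counted.
CONSTRUCTED_ACCEPT = (
    "Number: 38801 Date: 27Apr2004 Time: 11:52:31 Product: VPN-1 & FireWall-1 "
    "Interface: eth2 Origin: firewall (xx.xxx.xxx.129) Type: Log Action: Accept "
    "Service: http (80) Source: host_a (xxx.xxx.xxx.10) "
    "Destination: web_srv (xxx.xxx.xxx.20) Protocol: tcp Source Port: 40000")

if __name__ == "__main__":
    for (origin, dest), n in drops_by_tunnel(
            [THREAD_RECORD, CONSTRUCTED_ACCEPT, THREAD_RECORD]).items():
        print(f"{n} drop(s) without a valid SA: {origin} -> {dest}")
```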
