Gurus of the list, Have anyone ever attempted and succeeded in establishing a two-way VPN Tunnel between a Netscreen 204 running ScreenOS and a Checkpoint FW-1 NG AI R55 set up in a VRRP cluster?
The Checkpoint got several subnets in its encryption domain which seems to complicate stuff for the Netscreen. The remote user behind the netscreen can ping the user behind the checkpoint, but not the opposite. The checkpoint fw runs simplified mode, main mode completes, but sending traffic over the tunnel yields: ICMP: Echo Request ICMP Type: 8 ICMP Code: 0 message_info: Implied rule encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information sk19423 is informative at best, and totally useless at worst. Anyhow, information that can lead to a successful negotiation of a two-way VPN tunnel is highly appreciated. Thanks, B�rge Berg-Olsen ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
