[FW-1] Problem establishing VPN connection between Checkpoint NG-AI Cluster and SonicWall

Fri, 13 May 2005 10:24:47 -0700 

We have recently upgraded our Firewalls to a Nokia Cluster with NG-AI
R55, and have begun to experience a problem with our VPN Tunnels to
external SonicWall firewalls.

I suspect the problem relates to the fact that we have a cluster
configured, and the SonicWall is receiving packets from both firewalls
at our end.

To summarize the symptoms, I have configured the VPNs on both the
SonicWall and the Checkpoint cluster with the appropriate information,
When I initiate a ping from a workstation within our network the ping
replies return successfully.  As I initiate other connections, or at
some random time, however this connection will fail, and no further
packets will be received.  Initiating connections from the remote site
to my local site, also exhibit similar results where some connections
are successful, while other connections fail, and an existing successful
connection can at any time begin to fail and at some random time later
begin to work again.

Looking at the logs on my checkpoint firewall however I have noticed,
that for all the connections that are initiated from my end, I see the
successful encrypt packet being logged, and for all the connections from
the remote SonicWall end, I see the successful decrypt, this for even
those connections that are failing.

On the SonicWall logs, the only thing I am seeing in the logs that are
out of the ordinary are the following:

        "Failed payload verification after decryption, Possible
preshared key mismatch"

        "Received packet retransmission.  Drop duplicate packet"

Thanks in advance
Shawn


===================================
Shawn Kearley
Infrastructure Analyst
Newfoundland Power Co. Inc.

Phone: (709) 737-5724
Fax: (709) 737-5832
Email: [EMAIL PROTECTED]


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to