A tunnel test is a UDP 18234 packet sent to the firewall. Run "netstat -an |
grep 18234" to see which IP this port is listening on (should be listening
on external i/f). To see if the tunnel test packets are reaching your gateway,
run this on your firewall module, then try the connection again:
fw monitor -e "sport=18234 or dport=18234, accept;"
 Here are some questions that may or may not be related but, hopefully,
might steer you in the right direction:
  Is your "VPN-1 & FireWall-1 Control Connections" enabled in the Global
Properties?
 Do you have the external ip address in the general properties of your
firewall object?
 What is your Link Selection set to? (Firewall object props --> VPN --> Link
Selection)
 Every time that I have come across this error, it turned out to not be a
routing issue -- usually more of an interface selection issue.

 - Neil Delacruz

 On 9/21/05, Meyers, Duncan <[EMAIL PROTECTED]> wrote:
>
> Hi!
>
> I have SecureClient (NGX R60) trying to connect to an NGX R60 firewall.
> Creating a new site works perfectly, however we cannot connect to the
> site after that. The error that is returned in the SecureClient log
> viewer is "Tunnel test failed due to IKE negotiation failure (-125)".
> Nothing appears in the SmartView Tracker logs so I'm at a bit of a loss.
> The KB suggests that a tunnel test failure is caused by the firewall
> forwarding SecureClient packets out the wrong interface, but a tracert
> shows that the packets head out the external interface.
>
> Any thoughts as to what's going on?
>
> Thanks,
> Duncan
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
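
The "which IP is this port listening on" check from the reply above, as an added example that is not part of the original thread: it parses `netstat -an` text and reports whether UDP 18234 is bound to the external address. The function names, the Linux-style netstat column layout, the sample lines, the documentation-range addresses, and treating a wildcard bind as acceptable are all assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): find where the tunnel test port is bound.
# Assumes Linux-style `netstat -an` columns: proto recv-q send-q local foreign.
TUNNEL_TEST_PORT=18234

# stdin: netstat -an text. Prints the local IP of each UDP socket on the port.
# Unlike a plain grep, it ignores 18234 appearing in the foreign-address column.
tunnel_test_bindings() {
    awk -v port="$TUNNEL_TEST_PORT" '
        $1 ~ /^udp/ {
            n = split($4, parts, ":")            # local address is ip:port
            if (parts[n] == port)
                print substr($4, 1, length($4) - length(parts[n]) - 1)
        }'
}

# check_tunnel_test_listener EXT_IP   (stdin: netstat -an text)
# 0 = bound to EXT_IP or a wildcard, 1 = bound only elsewhere, 2 = not bound
check_tunnel_test_listener() {
    ext_ip=$1
    bindings=$(tunnel_test_bindings)
    [ -n "$bindings" ] || return 2
    for ip in $bindings; do
        case "$ip" in
            "$ext_ip"|0.0.0.0|::) return 0 ;;
        esac
    done
    return 1
}

# Constructed samples; 192.0.2.1 stands in for the gateway's external address.
SAMPLE_INTERNAL_ONLY='udp        0      0 10.0.0.1:18234          0.0.0.0:*
udp        0      0 10.0.0.1:2746           203.0.113.9:18234
udp        0      0 0.0.0.0:500             0.0.0.0:*'
SAMPLE_EXTERNAL='udp        0      0 192.0.2.1:18234         0.0.0.0:*
udp        0      0 0.0.0.0:500             0.0.0.0:*'

for name in SAMPLE_INTERNAL_ONLY SAMPLE_EXTERNAL; do
    eval "text=\$$name"
    rc=0
    printf '%s\n' "$text" | check_tunnel_test_listener 192.0.2.1 || rc=$?
    echo "$name: status $rc"
done
```

On a live gateway the same function can read real output, as in `netstat -an | check_tunnel_test_listener` followed by the external address from the firewall object.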
