This sounds like the good ole ike_use_largest_possible_subnets. What kind of error messages do you see?
-GS -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Monday, February 27, 2006 12:46 PM To: [email protected] Subject: Re: [FW-1] IPSec Lan-Lan Cisco VPN and Checkpoint Active-Standy Issue's There are a few things you need to be aware of on the Checkpoint end: 1) Are you running VRRP or ClusterXL? In either case, you need to enable synchronization, otherwise, vpn will not work. 2) The Cisco VPN device should peer with either the ClusterXL IP or Nokia VRRP IP address. I currently have a pair of SPLAT R55w firewalls running ClusterXL in Active/Standby mode and it is working great. I have about 25 site-to-site VPN tunnels on this firewall. Of that 25 VPN tunnels, 20 of those are either Cisco IOS routers, Cisco VPN Concentrators or Cisco Pix firewalls. HTH libone mhlanga <[EMAIL PROTECTED]> wrote: Anyone had any problems with an IPSec Lan-Lan VPN connection between a Cisco VPN and Checkpoint Active-Standby Cluster. The Tunnel Comes up from both sides with no problem but only traffic coming the Cisco VPN side seems to pass through the tunnel. When Initiating traffic from the Checkpoint Cluster side it does not seem pass any traffic although the tunnel does come up. The IKE peer (Checkpoint Cluster side) appears to kick off the tunnel with either the Active address or the Cluster Address. -- _______________________________________________ Search for businesses by name, location, or phone number. -Lycos Yellow Pages http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default .asp?SRC=lycos10 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
