- Is this incoming or outgoing? Because somehow the IKE packets seem to match traffic outside your community.

The initial IKE packets can be seen leaving the cluster. However IKE negotiation does not take place.

- Might there be a NAT issue that causes you to send the wrong addresses? Either on the firewall(s) or the network in between.

Cluster A's topology points to Network A as its encryption domain. Cluster B's topology points to Network B as its encryption domain. Each network is Hide NAT'ed behind its respective firewall cluster. There are no custom NAT / static NAT rules that pertain to these network objects.

On 10/18/06, Phoenix Ikki <[EMAIL PROTECTED]> wrote:

Have you set the VPN domain? In the Check Point Gateway -> Topology

Regards,
ali

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Satyam Mathura
Sent: 18 October 2006 4:09
To: [email protected]
Subject: [FW-1] VPN Problem

Hey Guys:

I'm currently setting up a site-to-site VPN between 2 Chkpt R61 HA clusters. Both clusters are managed from the same SmartCenter Server. The encryption domain for each site only includes its internal network. Both clusters belong to the same VPN Community and I have the following rule in place:

    Source:                   Destination               If Via  Service  Action
    Site A Encryption Domain  Site A Encryption Domain  VPN     Any      Allow
    Site B Encryption Domain  Site B Encryption Domain

After installing the policy on both clusters and testing connectivity between the 2 sites, I notice that the initial IKE negotiation is accepted between the two sites. However, the resulting traffic is dropped between the 2 sites and I get the following error msgs:

    Information: IKE: No common community for myself
    Information: service_id: icmp-proto
    ICMP: Echo Request
    ICMP Type: 8
    ICMP Code: 0
    encryption fail reason: Packet is dropped because there is no valid SA - please refer to solution sk19423 in SecureKnowledge Database for more information

I cannot find any reference to the "No common community" error on SecureKnowledge. I have double-checked my VPN configuration but cannot find the cause of the problem. Any idea what may be causing this?

Regards.

================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
