The error "Packet is dropped because there is no valid SA" is a generic error message when you have not got things quite right.

Things to look for:

- Check your encryption domain - local and remote ends
- When you say the tunnel is established, do phase 1 and 2 complete?
- Are you running a cluster configuration?
- Timeout values for the Netscreen object are properly defined
- Run vpn debug and check your ike.elg (sk#I4326)

The vpn debug will tell you what key exchange is happening for which subnets; this is the most likely issue, as the vpn has been established only in one direction.

Check sk#26336 for more information.

JP

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jean-Paul Baillon
Sent: Sunday, 26 November 2006 5:42 PM
To: [email protected]
Subject: Re: [FW-1] Site to Site VPN Tunnel to Netscreen FW

Check your settings for "support key exchange for subnets"

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Brandon Liew
Sent: Saturday, 25 November 2006 11:21 AM
To: [email protected]
Subject: [FW-1] Site to Site VPN Tunnel to Netscreen FW

Dear All,

I am having a strange problem with an IP390 firewall running on NGX61. I had set up a site to site VPN connection to a Netscreen firewall. The error I got from my Smart View Tracker:

encryption fail reason: Packet is dropped because there is no valid SA

From the Smart View Tracker I am able to see the tunnel established. From my vendor's network they are able to telnet/ping to the segment permitted on my internal IP. But from my site I am not able to ping/telnet/ftp, and the traffic is dropped by my cluster firewall with the error "encryption fail reason: Packet is dropped because there is no valid SA".

Any solution, or has anyone encountered this problem before?

--
Warmest Regards
Brandon Liew

CONFIDENTIAL POLICY: "THIS E-MAIL AND ANY FILES TRANSMITTED WITH IT CONTAINS INFORMATION WHICH MAY BE CONFIDENTIAL IT IS INTENDED SOLELY FOR THE USE OF THE INDIVIDUAL OR THE ENTITY TO WHOM THEY ARE ADDRESSED.
IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE BE ADVISED THAT YOU HAVE RECEIVED THIS E-MAIL IN ERROR AND THAT ANY USE, DISSEMINATION, FORWARDING OR PRINTING OF THIS E-MAIL IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS E-MAIL IN ERROR, PLEASE NOTIFY US BY RETURN E-MAIL AT THE ADDRESS ABOVE AND DELETE THE E-MAIL FROM YOUR FILES. THANK YOU FOR YOUR CO-OPERATION."

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
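
The symptom discussed in this thread (a tunnel that works only when the peer initiates), as an added example that is not part of the original messages: a simplified Python model of phase 2 ID negotiation. It assumes one gateway accepts only an exact match with its configured ID pair while the other accepts any proposal inside its encryption domain; all addresses and function names are constructed.

```python
import ipaddress as ipa

def enclosing(host, domain):
    """Network in an encryption domain that contains host, or None."""
    h = ipa.ip_address(host)
    return next((n for n in map(ipa.ip_network, domain) if h in n), None)

def offer(src, dst, local_dom, remote_dom, per_subnet=True):
    """Phase 2 ID pair (local, remote) an initiator proposes for one packet."""
    loc, rem = enclosing(src, local_dom), enclosing(dst, remote_dom)
    if loc is None or rem is None:
        return None                      # outside the encryption domains
    if not per_subnet:                   # per-host exchange: propose /32s
        return ipa.ip_network(src), ipa.ip_network(dst)
    return loc, rem                      # per-subnet exchange

def strict_accepts(proposal, configured):
    """Assumed responder that needs an exact match with a configured pair.
    configured holds (responder_local, responder_remote) pairs."""
    if proposal is None:
        return False
    init_local, init_remote = proposal
    pairs = {(ipa.ip_network(a), ipa.ip_network(b)) for a, b in configured}
    return (init_remote, init_local) in pairs

def lenient_accepts(proposal, local_dom, remote_dom):
    """Assumed responder that accepts anything inside both domains."""
    if proposal is None:
        return False
    init_local, init_remote = proposal
    inside = lambda net, dom: any(net.subnet_of(ipa.ip_network(d)) for d in dom)
    return inside(init_remote, local_dom) and inside(init_local, remote_dom)

# Constructed sample values: gateway A (lenient) and gateway B (strict).
A_DOMAIN = ["10.1.0.0/16"]
B_DOMAIN = ["192.168.50.0/24"]
B_IDS = [("192.168.50.0/24", "10.1.20.0/24")]   # (local, remote) as set on B

def check(a_domain, per_subnet=True):
    """Which direction can bring up a phase 2 SA for one host pair."""
    a_to_b = offer("10.1.20.5", "192.168.50.9", a_domain, B_DOMAIN, per_subnet)
    b_to_a = tuple(map(ipa.ip_network, B_IDS[0]))  # B offers its configured pair
    return {"A->B": strict_accepts(a_to_b, B_IDS),
            "B->A": lenient_accepts(b_to_a, a_domain, B_DOMAIN)}

if __name__ == "__main__":
    print("mismatched domain:", check(A_DOMAIN))
    print("aligned domain:   ", check(["10.1.20.0/24"]))
```

In the mismatched case only the B-initiated direction negotiates, so packets leaving A have no SA to use; aligning A's encryption domain with the pair configured on B lets both directions negotiate.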
