I have tried all the below suggestions a long while ago. I had experienced this problem in the past . Please let me know if you guys have any other idea and suggestions. For NGX , the file that has to be modified is user.def.NGX_R6X . For some reason, my VPN gateway is peering up with other VPN gateways internally instead of the vendor's VPN.
Joshi - The IP address are random and different networks (eg. *172.23.12.12 *, 172.23.12.230, 10.98.23.5, *10.98.24.3*, 10.98.23.100, *192.168.34.54*). The bold IPs are working and i verified three times verified with the vendor for encryption domain mismatching. Thanks, Vasu On 4/13/07, Jignesh Joshi <[EMAIL PROTECTED]> wrote:
Hi, The servers which you are accessing are random IP and few of them are consecutive (e.g if you have added 192.168.1.22/32 and 192.168.1.23/32) it will take network of 192.168.1.22/255.255.255.254. This type of problem occurs between Checkpoint and other vendors. If both the ends are checkpoint then it works fine. Regards, Jignesh Joshi ITIMD Tel # 2829-1454 ext 5290 Link Line ext: 601-397 -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Vasu Chetty Sent: Friday, April 13, 2007 10:07 AM To: [email protected] Subject: [FW-1] NGX R60 on IPSO Platform - Site-to-Site VPN Hello All, I am experiencing a problem with a Site-to-Site Tunnel and there are 10 IP address(Servers) configured in the encryption domain(host). When the vendor access our network, there is no problem, but we noticed problem when we initiate traffic to the vendor. Among the 10 IP addresses(Server in the encryption domain), a few servers are not able to communicate to the Vendor. However not all IP addresses (servers) in the encryption domain are not being dropped, some of them are working. Whenever the packet is being dropped, i observed that my VPN gateway is trying to peer up with all other firewalls internally and not to the vendor's VPN gateway, and i can this happening for all dropped packets in the firewall for these servers. There are atleast 20 tunnels running on the same VPN gateway without any problems. Also, i started experiencing this problem for an another Site-to-Site VPN today for a new vendor. Please let me know your thoughts on this problem. If any of you in this distribution list has come across this problem, please respond. Thanks in advance !!! -- Regards, Vasu ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= http://www.patni.com World-Wide Partnerships. World-Class Solutions. _____________________________________________________________________ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at [EMAIL PROTECTED] and delete this mail. _____________________________________________________________________ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Regards, Vasu ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
