Hi everybody.
I need to establish an IPSEC tunnel with a Huawei firewall model Eudemon 200. Everything seems to work fine for some minutes, then the outgoing traffic from my end to the Huawei's end is dropped at the destination; according to Huawei the firewall complains that the SA is invalid. It seems that at some point the Huawei firewall renegotiates the phase 2 SAs way before it even expires (default 3600 seconds); this only happens on outbound traffic (my side), the inbound SA (again my side) is correct and I can receive echo request packets from the LAN behind the Huawei firewall. We've check the SAs using vpn -u on our side, and my outbound SA is different than their inbound SA, this is strange since this usually happens way before the 3600 seconds are up (phase 2). I'm using a cluster of secureplatform servers running R60, with a single VPN community for all my other customers VPNs; this is the only one giving me a hard time. Any ideas would be of great help, since we've been at this for a number of weeks now, and we're really starting to run out of good ideas. Thanks, Raúl ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
