Hello,
I'd like to set up a site-to-site VPN with another box.
I set up the community, the other box as an interoperable device, the VPN
domains, and the preshared key.
But I cannot see any IKE packets going out from my firewall.
The fw ctl zdebug drop shows the following:
fw_log_drop: Packet proto=17 193.251.184.55:500 -> 213.30.137.178:500
dropped by vpn_encrypt_chain Reason: No error
The vpnd.elg doesn't show any error.
The ike.elg only shows packets from the other gateway.
The SmartView Tracker shows that the firewall is trying to encrypt its
own IKE packets:
Number: 3186
Date: 12Sep2007
Time: 11:19:42
Product: VPN-1 Power/UTM
Interface: pppoe0
Origin: x.x.x.x
Type: Log
Action: Encrypt
Protocol: udp
Service: IKE (500)
Source: fwlocal (x.y.z.t)
Destination: vpnremote (a.b.c.d)
Rule: 24
Current Rule Number: 24-Standard
Rule UID: {89E973FA-DDAC-482A-9563-C1FEC7907978}
Source Port: IKE (500)
Encryption Scheme: IKE
VPN Peer Gateway: vpnremote (a.b.c.d)
Encryption Methods: ESP: AES-128 + MD5 + PFS
Community: my_site_2_site
Subproduct: VPN
VPN Feature: VPN
SmartDefense Profile: Default_Protection
Information: service_id: IKE
Any idea?
Thanks