Miguel Hernandez y Lopez wrote:
Hi all,
One of my customers has a VPN with Checkpoint R62 and Cisco ASA, phase 1 and 2
negotiation are OK... the tunnel is established fine with no errors... but after
several minutes the tunnel goes down. The odd thing is that on the Checkpoint side I
don't see any dropped packets... on the Cisco side the same.
The traffic passing through the tunnel is 3270 emulation from IBM. The solution when the tunnel goes down is disabling the rule on the Checkpoint, pushing the rules to the fw and then enabling the rule again.
The people who manage the Cisco ASA disabled PFS and I've disabled it on the
Checkpoint node too... but the problem persists; with PFS disabled on both
sides the tunnel is up at least 2 minutes and then goes down.
Any ideas for this?
Lifetime for the phase 2 SA, perhaps.
Try to debug the VPN on the Checkpoint via "vpn debug trunc", then look at
$FWDIR/log/vpnd.elg and ike.elg.
Also try to grab the conf from the Cisco for this VPN and check for
differences.
You can shut down the tunnel on the gateway with the "vpn tu" command.
But I suspect a lifetime mismatch for phase 2.
thanks in advance,
Miguel
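
The configuration comparison suggested in the reply, as an added example that is not part of the original thread: it reads the phase 2 lifetime and PFS settings from ASA crypto map lines and reports where they differ from the Check Point side. The crypto map name, the addresses and the Check Point values are constructed for illustration.

```python
import re

# Constructed sample of ASA crypto map lines (not taken from the thread).
ASA_CONFIG = """\
crypto map OUTSIDE_MAP 10 match address VPN_ACL
crypto map OUTSIDE_MAP 10 set pfs group2
crypto map OUTSIDE_MAP 10 set peer 192.0.2.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP 20 set peer 198.51.100.7
crypto map OUTSIDE_MAP 20 set security-association lifetime seconds 3600
"""

# Assumed values, copied by hand from the Check Point VPN community settings.
# gateway_ip is the address the ASA uses in "set peer" for this tunnel.
CHECKPOINT_SIDE = {"gateway_ip": "192.0.2.10", "lifetime_seconds": 3600, "pfs": None}

SET_LINE = re.compile(r"^crypto map (\S+) (\d+) set (.+)$")

def parse_asa_phase2(config):
    """Return {(map_name, seq): settings} for every crypto map entry."""
    entries = {}
    for raw in config.splitlines():
        m = SET_LINE.match(raw.strip())
        if not m:
            continue
        key, words = (m.group(1), int(m.group(2))), m.group(3).split()
        entry = entries.setdefault(
            key, {"peer": None, "lifetime_seconds": None, "pfs": None})
        if words[0] == "peer":
            entry["peer"] = words[1]
        elif words[0] == "pfs":
            # "set pfs" without a group means the platform default group.
            entry["pfs"] = words[1] if len(words) > 1 else "default"
        elif words[:3] == ["security-association", "lifetime", "seconds"]:
            entry["lifetime_seconds"] = int(words[3])
    return entries

def phase2_differences(asa_entries, cp):
    """List (entry, field, asa_value, checkpoint_value) for each mismatch."""
    diffs = []
    for key, entry in sorted(asa_entries.items()):
        if entry["peer"] != cp["gateway_ip"]:
            continue  # entry belongs to a different tunnel
        for field in ("lifetime_seconds", "pfs"):
            # None on the ASA side means no explicit line: a default applies.
            if entry[field] != cp[field]:
                diffs.append((key, field, entry[field], cp[field]))
    return diffs
```

An entry that shows `None` for the ASA lifetime has no explicit setting on that crypto map, so the value actually in use has to be read from the running device.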