Re: [FW-1] Checkpoint R62 vs CiscoASA 5505

Fri, 13 Jun 2008 06:40:47 -0700 

Hi,

I  have had same problem. I  implemented simplified mode VPN
configuration with peer ASA 5520 (and Sidewinder). Tunnel was unstable
and always goes down. Then I changed policy to traditional mode
configuration and all problems was solved.
In simplified mode CheckPoint gw tests tunnel with tunnel_test protocol.
This is not supported on ASA and maybe this is cause of problems and
unstale tunnel. Use traditional mode and all will be working.

Juraj

Miguel Hernandez y Lopez wrote:

Hi all,

One of my customer have a VPN with Checkpoint R62 and CiscoASA, phase 1 and 2 
negotiation are ok... the tunnel established fine with no errors... but after 
several minutes the tunnel go down. The odd thing is that in Checkpoint side i 
don´t see any drop packets... in the Cisco side the same.
The traffic is passing through the tunnel is emulation 3270 from ibm. The solution when the tunnel goes down, is disabling the rule from Checkpoint.. pushing the rules to the fw and the enabling again the rule. 
The people who manage the Cisco ASA disable the PFS and i´ve disable in the 
Checkpoint node too... but the problem persists, with the PFS disable on both 
sides the tunnel is up at leats 2 minutes and then goes down.

Any ideas for this?

thanks in advance,

Miguel

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================




Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to