Corrado,
How are the Edge(s) defined on the MGMT in the TOPOLOGY section?
How is the VPN domain defined behind the EDGE(s)? Manual or ALL IP ADDRESS behind Gateway behind Topology information...
Are you doing any NAT on the Edge side?

Regards

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Corrado Motta
Sent: Thursday, June 26, 2008 8:17 AM
To: [email protected]
Subject: [FW-1] VPN vcentral managed between NGX r65 and X-Edge 7.5.51

Hi

maybe you have an idea

the WAN interface of X-edge is in DHCP behind a NAT device
central managed by a "Primary Smart Center Server" behind a cluster (2 node)
all with NGX R65 Splat2.6

I receive the logs, I write the ACLs, I manage the little remote devices without problem
but no traffic is passing through my "Meshed community VPN"

Paradox: the logs that arrive on my management server

Number: 440
Date: 25Jun2008
Time: 16:33:00
Product: VPN-1 UTM Edge
Origin: "X-Edge"
Type: Log
Action: Encrypt
Protocol: udp
Service: nbname (137)
Source: it05-rete
Destination: x.y.z.w
Rule: 8
Source Port: nbname
Information: msg: Packet logged File Direction: Outbound
VPN Peer Gateway: NgxCluster
------------------------------------------------------------------
Number: 430
Date: 25Jun2008
Time: 16:32:28
Product: VPN-1 Power/UTM
Interface: eth1
Origin: "active module"
Type: Log
Action: Decrypt
Protocol: udp
Service: nbname (137)
Source: it05-rete
Destination: x.y.z.w
Rule: 8
Current Rule Number: 8-RTSI_Standard
Source Port: nbname
Information: service_id: nbname
Community: Edge1-VPN
Encryption Methods: ESP: 3DES + MD5
Encryption Scheme: IKE
Rule UID: ....
SmartDefense Profile: No Protection
Subproduct: VPN
VPN Feature: VPN
VPN Peer Gateway: X-Edge

But the packet sent from "it05-rete" did not reach the target x.y.z.w

If I try to connect "it05-rete" from the x.y.z.w ==> The same thing

No "error", no "smart defence", no "NAT" inside the VPN, no errors registered locally on the X-Edge, and "encryption" is (seems) OK (for both: X-edge and VPN-1 Power)

Any Idea?

Thanks
Corrado

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
