Hello,

Well, that didn't work.  I should have mentioned that I am doing wired
mode on site2sites.

When I excluded client-vpn-services, the fw-1_topo was then dropped with
"According to the policy the packet should not have been decrypted".

Anything else?

Thank you, again.
Kim

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
Reinhard Stich
Sent: Tuesday, July 29, 2008 10:23 AM
To: [email protected]
Subject: Re: [FW-1] SecuRemote Create Site Behind Branch Office Tunnel

hi,

Does that mean that you are trying to run client2site VPN from a location
where you already (also) have a site2site VPN? This is always a special
setup.

You should exclude the client-VPN-services (ike, ESK,
udp-encapsulation-service) from this site2site VPN.

br
reinhard

At 15:58 29.07.2008, you wrote:
>Greetings,
>
>Have Branch Offices tunneled to UTM-1 Checkpoint SPLAT via [EMAIL PROTECTED]
>500 boxes.  All tunnel issues to DMZ, NATing, etc have been resolved,
>save one:
>
>Branch Office users can not update or create the UTM-1 site when behind
>their [EMAIL PROTECTED] device.
>Update/Create of local and other Branch Office [EMAIL PROTECTED] tunneled
>sites is OK
>Update/Create of Branch Office [EMAIL PROTECTED] sites from tunneled UTM-1 is
>OK
>
>UTM-1 logs only show the FW-1_topo being accepted from the Branch
>Office, and then nothing else
>[EMAIL PROTECTED] logs only show the sending of the FW-1_topo request and then
>nothing else
>SecuRemote reports "communication with site has failed"
>SecuRemote logs show:
>SIC error - Client could not connect to server
>fwasync_connected_failed: 1340 from exception: The access code is
>invalid.
>
>I've created a rule allowing all ports that appear to be used by a site
>update (determined from UTM-1 logs), just in case, and these did not help
>either, of course.
>
>
>Any thoughts or help would be GREATLY appreciated!
>
>=======================
>Kim Warden
>MPR Associates, Inc
>320 King St
>Alexandria, VA  22314
>Ph:        703-519-0200
>Fax:       703-519-0224
>Direct:    703-519-0544
>=======================
>
>Scanned by Check Point Total Security Gateway.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================

-- 
Reinhard Stich          [EMAIL PROTECTED]
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 

