Would this message occur if we did not have IKE UDP excluded from the services 
in the VPN community? Did see an IKE encrypted, but IKE should not be encrypted, 
so if we did not exclude this, would it be right to see this IKE no valid SA?

On Thu, 14 Jul 2011 00:40 BST David DeSimone wrote:

>Peter Addy <[email protected]> wrote:
>>
>> I have another question: if IKE UDP 500 fails in our logs with no
>> valid SA with another VPN, my question is would the other party still
>> see this IKE UDP 500 on their side? The reason I ask is that I am told
>> the other side don't see anything incoming to them; we see this IKE
>> leaving our firewall via the VRRP address.
>
>It does not make sense for IKE traffic to fail to transmit due to "no
>valid SA".  The whole point of transmitting IKE is to start setting
>up an SA.  If there is no valid SA, that is entirely the reason to be
>sending IKE, and if it is getting dropped for that reason, a VPN could
>never be established.
>
>I have never actually seen this condition, so I am not sure what could
>be configured wrong that would create this sort of situation.
>
>-- 
>David DeSimone == Network Admin == [email protected]
>  "I don't like spinach, and I'm glad I don't, because if I
>   liked it I'd eat it, and I just hate it." -- Clarence Darrow
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================

