>Has anyone encountered this problem? I have a VPN tunnel between 2
>countries (SG and AU). The tunnel had been working fine until this
>morning, when it became a one-way tunnel, i.e. SG-AU is OK, but AU-SG failed.
>You can see that the AU fw encrypts the packet, but you will never see it
>decrypted at the SG fw, and no dropped or rejected packets are detected in the
>log. I really need HELP on this.
Not seeing anything in the logs of/from the peer firewall suggests the
following possible scenarios:
1. If you have an encryption accelerator card (Chrysalis card), it may have
gone bad.
Although VPN-1/FireWall-1 "should" re-route encryption to software, it
doesn't work. Encryption just stops working. I would check the system logs
to see if anything is showing up about the accelerator card. If you disable
the card, the VPN should start working.
2. Someone has made a change on the routers/firewalls that sit between the two
firewalls.
Some form of access list has been applied on either side and may be
blocking ESP/AH type packets (IP type 50 and 51 respectively). This could
be on the peer end where the VPN is working, i.e. the access list allows
ALL traffic out but is blocking inbound. This would explain the inbound IP
type 50/51 packets being dropped and never appearing at the peer end.
Or your Internet service provider may have decided to block IP type 50/51
packets; this is really, really RARE, but a possibility.
Good luck,
Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS
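The practical way to tell scenario 2 apart from a gateway problem is to capture on the outside interface of both gateways and compare the IPsec packets that leave AU with the ones that reach SG: if AU emits ESP (protocol 50) toward SG and SG's outside interface never sees them, something in between is dropping protocol 50/51. The script below is an added example written for this page, not code from the original post or from Check Point. It builds constructed IPv4 packets carrying ESP or AH headers (stand-ins for what tcpdump would capture on each gateway), parses the protocol number and SPI out of each packet, and reports flows that were sent but never received. The peer addresses are assumed (RFC 5737 documentation ranges), and the AU-to-SG loss is constructed to mirror the situation described in the question.

```python
"""Compare IPsec (ESP/AH) packets seen at two capture points to confirm a
one-way tunnel.  All packets here are constructed test data, not real captures."""
import struct
from collections import Counter

ESP, AH = 50, 51                         # IP protocol numbers for ESP and AH
PROTO_NAME = {ESP: "ESP", AH: "AH"}
IPV4_HDR = "!BBHHHBBH4s4s"               # 20-byte IPv4 header without options


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ipsec(src: str, dst: str, proto: int, spi: int, seq: int,
                payload: bytes = b"\x00" * 16) -> bytes:
    """Build a minimal IPv4 packet with an ESP or AH header (constructed data).
    The IP checksum is left zero: these packets are parsed, never transmitted."""
    if proto == ESP:
        # ESP: SPI (4), sequence number (4), then the encrypted payload
        sec = struct.pack("!II", spi, seq) + payload
    elif proto == AH:
        # AH: next hdr (1), payload len in 32-bit words minus 2 (1), reserved (2),
        # SPI (4), sequence (4), then the ICV (12 bytes for HMAC-96 variants)
        icv = b"\x00" * 12
        sec = struct.pack("!BBHII", 4, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv
    else:
        raise ValueError("proto must be ESP (50) or AH (51)")
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(sec), 0, 0x4000, 64, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr + sec


def parse_ipsec(pkt: bytes):
    """Return (src, dst, proto, spi); spi is None when the packet is not ESP/AH."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    body = pkt[(ver_ihl & 0x0F) * 4:]         # skip header incl. any options
    spi = None
    if proto == ESP and len(body) >= 8:
        spi = struct.unpack("!I", body[:4])[0]
    elif proto == AH and len(body) >= 12:
        spi = struct.unpack("!I", body[4:8])[0]
    return ".".join(map(str, src)), ".".join(map(str, dst)), proto, spi


def flow_counts(packets) -> Counter:
    """Count IPsec packets per (src, dst, proto, spi); non-IPsec traffic is ignored."""
    counts = Counter()
    for pkt in packets:
        src, dst, proto, spi = parse_ipsec(pkt)
        if spi is not None:
            counts[(src, dst, proto, spi)] += 1
    return counts


def diagnose(sent, received):
    """Flows the sender put on the wire that the receiver saw fewer of (or none)."""
    sent_c, recv_c = flow_counts(sent), flow_counts(received)
    return [(flow, n, recv_c.get(flow, 0))
            for flow, n in sorted(sent_c.items()) if recv_c.get(flow, 0) < n]


# Assumed peer addresses (documentation ranges) and constructed captures taken on
# the outside interface of each gateway.  AU->SG ESP never reaches SG; SG->AU works.
AU, SG = "203.0.113.10", "198.51.100.20"
au_out = [build_ipsec(AU, SG, ESP, 0x1001, n) for n in range(1, 4)]
sg_in = []                                  # nothing from AU arrives at SG
sg_out = [build_ipsec(SG, AU, ESP, 0x2002, n) for n in range(1, 4)]
au_in = list(sg_out)                        # every SG packet reaches AU


def report():
    return {"AU->SG": diagnose(au_out, sg_in), "SG->AU": diagnose(sg_out, au_in)}


if __name__ == "__main__":
    for direction, findings in report().items():
        if not findings:
            print(f"{direction}: all IPsec flows arrived")
        for (src, dst, proto, spi), n, got in findings:
            print(f"{direction}: {PROTO_NAME[proto]} SPI 0x{spi:08x} {src}->{dst}: "
                  f"{n} sent, {got} received; protocol {proto} is dropped in transit")
```

Against real captures, feed `parse_ipsec` the IPv4 packets from a capture taken on each gateway's outside interface with a filter such as `ip proto 50 or ip proto 51`; a flow that appears in the AU capture but never in the SG capture points at an access list or provider filter between the peers rather than at either gateway's encryption.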
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================