If you are seeing what we are seeing, when Phase 2 renegotiates, the Cisco seems to be spewing vendorID over and over. In fact, the first vendorID is correct, and should be sent. I have traces with it being sent over and over... The only way to recomplete the tunnel is to either clear SAs, or stop and start the VPN daemon. This is relevant to NG FP2 and the Cisco 3x (Altiga?) series.

Clearly you think that a PIX is on the other end. Are you sure of this? We are in the early stages of analysis, but at the moment, the arrows are pointing at both Cisco and Check Point. BTW, we have had CP support in Israel working on this for some time now.

Also, we are seeing that when Phase 2 rekeying occurs, the Check Point side seems to think that Phase 1 is gone as well, and tries to re-negotiate Phase 1. Which is leading us to believe that BOTH vendors have an issue. I will post more later in the week as we unravel this, but count me in as having CISCO>Check Point issues as well.
Frank

-----Original Message-----
From: Singh, Hira [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 01, 2002 5:48 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] VPN compatibility between Checkpoint NG FP2 and Cisco PIX firewalls.

Hi Alex,

What I have been doing is: I do clear SAs, "cpstop", "cpstart"; it works for some time, then it breaks up and doesn't start at all from my end. But in the other case it always works if the connection is initiated by the Cisco PIX.

Regards
Hira Singh

-----Original Message-----
From: Lien, Alex [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 7:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] VPN compatibility between Checkpoint NG FP2 and Cisco PIX firewalls.

Hi Hira,

Does this mean you were unsuccessful with the VPN link from FP2 to PIX? Did you have any recommendations on resolving it?

Thanks
Alex

-----Original Message-----
From: Singh, Hira [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 7:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] VPN compatibility between Checkpoint NG FP2 and Cisco PIX firewalls.

I have almost query... When I negotiate from the FP2 end, the PIX doesn't respond sometimes for phase-2 (quick mode).

Warm Regards
Hira Singh

-----Original Message-----
From: Lien, Alex [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 23, 2002 7:41 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN compatibility between Checkpoint NG FP2 and Cisco PIX firewalls.

Hi,

Has anyone successfully configured and used a Site-to-Site VPN between a Checkpoint NG FP2 and a Cisco PIX firewall? If so, what OS and model of the PIX did you use, and is there any special configuration gotcha that one has to watch out for? One of our corporate partners is using PIX firewalls and they are questioning the compatibility between our Checkpoint NG and their PIX firewalls.
Thanks
Alex

=================================================
To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
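
For the symptom reported at the top of this thread (Vendor ID sent repeatedly, and Phase 1 restarting around a Phase 2 rekey), the following is an added example, not part of any poster's message and not vendor code. It walks the cleartext payload chain of IKEv1 (ISAKMP) messages and counts Vendor ID messages, Phase 1 starts and Quick Mode exchanges. It assumes the UDP/500 payloads have already been extracted from a capture; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

VENDOR_ID, HASH = 13, 8     # ISAKMP payload types (RFC 2408)
QUICK_MODE = 32             # IKEv1 exchange type (RFC 2409)
ENCRYPTED = 0x01            # header flag: everything after the header is ciphertext
# cookies, next payload, version, exchange type, flags, message ID, total length
HDR = struct.Struct("!8s8sBBBBII")

def parse(msg):
    """Return (icookie, rcookie, exchange, payload types) for one ISAKMP message."""
    icookie, rcookie, nxt, _ver, exch, flags, _mid, length = HDR.unpack_from(msg)
    types, off, end = [], HDR.size, min(length, len(msg))
    # The payload chain can only be walked while the encryption bit is clear.
    while not flags & ENCRYPTED and nxt and off + 4 <= end:
        following, _rsv, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4:
            break           # malformed length: stop rather than loop forever
        types.append(nxt)
        nxt, off = following, off + plen
    return icookie, rcookie, exch, types

def summarize(messages):
    """Count Vendor ID messages per initiator cookie, Phase 1 starts, Quick Modes."""
    vid_msgs, phase1, quick = Counter(), set(), 0
    for msg in messages:
        icookie, rcookie, exch, types = parse(msg)
        if VENDOR_ID in types:
            vid_msgs[icookie.hex()] += 1
        if rcookie == bytes(8):          # zero responder cookie: a fresh Phase 1
            phase1.add(icookie.hex())
        quick += exch == QUICK_MODE
    return {"vendor_id_msgs": dict(vid_msgs), "phase1_starts": len(phase1),
            "quick_mode_msgs": quick}

def build(icookie, rcookie, exch, payloads=(), flags=0, raw=b""):
    """Constructed test input: assemble an ISAKMP message (not captured traffic)."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else HASH
    return HDR.pack(icookie, rcookie, first, 0x10, exch, flags, 0,
                    HDR.size + len(body + raw)) + body + raw

A, B, R = b"A" * 8, b"B" * 8, b"R" * 8
first_msg = [(1, b"\0" * 8), (VENDOR_ID, b"constructed-vid")]   # SA + Vendor ID
SAMPLE = [build(A, bytes(8), 2, first_msg), build(A, bytes(8), 2, first_msg),
          build(A, R, QUICK_MODE, flags=ENCRYPTED, raw=b"\0" * 32),
          build(B, bytes(8), 2, first_msg)]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A Vendor ID count above one for a single initiator cookie, or more than one Phase 1 start next to a Quick Mode exchange, matches the two behaviours described in the first message.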
