We recently upgraded a Checkpoint 4.1 SP6 box to NG FP-2. We have the firewall/VPN-Pro license, and the upgrade went smoothly and the rulebase was converted from 4.1 to NG. However, we have an issue that VPN's to the NG box no longer work (we have a VPN running from a Cisco router to the NG box, which is running under Linux).
When the Cisco sends out an ISAKMP message to the Checkpoint, we see in the Checkpoint logs that the packet is accepted. However, the next thing that happens is the NG box sends out an ICMP port unreachable error message, meaning that no traffic is being accepted on UDP port 500. Has anyone seen this before? I had assumed when I started the firewall daemon, the VPN software should be started as well. All of our licenses are correct and verified, and all other filtering on the firewall works fine. It is only a problem with VPN's. Any thoughts are appreciated. Thanks!
