On Tue, Oct 15, 2002 at 10:19:31AM -0400, Jason Borkowsky wrote:
> We recently upgraded a Checkpoint 4.1 SP6 box to NG FP-2. We have the
> firewall/VPN-Pro license, and the upgrade went smoothly and the rulebase was
> converted from 4.1 to NG. However, we have an issue that VPNs to the NG box
> no longer work (we have a VPN running from a Cisco router to the NG box,
> which is running under Linux).
>
> When the Cisco sends out an ISAKMP message to the Checkpoint, we see in the
> Checkpoint logs that the packet is accepted. However, the next thing that
> happens is the NG box sends out an ICMP port unreachable error message,
> meaning that no traffic is being accepted on UDP port 500. Has anyone seen
> this before? I had assumed when I started the firewall daemon, the VPN
> software should be started as well. All of our licenses are correct and
> verified, and all other filtering on the firewall works fine. It is only a
> problem with VPNs. Any thoughts are appreciated. Thanks!

Look if vpnd is running on the machines and if not, request hotfixes from
Check Point. If it is running, use vpn debug trunc and watch vpnd.elg for
what's wrong.

regards
Hanus Adler
--
One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
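
The first check from the reply, as an added example that is not part of the original thread: a shell triage that tells "vpnd is not running" apart from "vpnd is running but nothing is bound to UDP 500", the condition that produces the ICMP port unreachable. It assumes a Linux gateway with /proc/net/udp and the process name vpnd from the reply; the function names and sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage for "ICMP port unreachable on UDP 500" on a Linux gateway.
# Assumes the IKE daemon's process name is vpnd, as in the reply above.

# Return 0 if a socket is bound to local UDP port $1 in a /proc/net/udp-format
# table ($2, default /proc/net/udp). Ports in that table are 4-digit hex.
udp_listener_present() {
    want=$(printf '%04X' "$1")
    awk -v want="$want" '
        NR > 1 { n = split($2, a, ":"); if (toupper(a[n]) == want) found = 1 }
        END    { exit (found ? 0 : 1) }
    ' "${2:-/proc/net/udp}"
}

# Return 0 if a process named exactly $1 appears in `ps -e -o comm=` output
# ($2 = optional file with captured output, used for offline checks).
process_running() {
    if [ -n "${2:-}" ]; then
        grep -qx -- "$1" "$2"
    else
        ps -e -o comm= | grep -qx -- "$1"
    fi
}

# Print one verdict for the IKE path: $1 = udp table file, $2 = ps output file
# (both optional; live system state is used when omitted).
ike_triage() {
    if ! process_running vpnd "${2:-}"; then
        echo "vpnd-not-running"
    elif ! udp_listener_present 500 "${1:-}"; then
        echo "vpnd-running-but-udp-500-unbound"
    else
        echo "ike-listener-ok"
    fi
}

# Constructed sample: /proc/net/udp layout with sockets on ports 53 and 500.
sample_udp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1342
EOF
}
```

Sourcing the file and calling `ike_triage` with no arguments reads live state on the gateway; a "vpnd-running-but-udp-500-unbound" verdict is the case where the reply's `vpn debug trunc` and vpnd.elg step applies.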
