I had this problem with a server in Poland to here. Make sure the time is
correct on each server and that they are in the correct time zone.
Steven
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, June 07, 2000 11:16 AM
To: Danny Kruitbosch
Cc: Haji, Mohmed; '[EMAIL PROTECTED]'
Subject: Re: [FW1] Decrypt Failure
<< File: d.kruitbosch.vcf >>
It is also worth checking the routing on your firewall.
Danny Kruitbosch <[EMAIL PROTECTED]> on 07/06/2000 15:44:50
To: "Haji, Mohmed" <[EMAIL PROTECTED]>
cc: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]> (bcc: Chad
ALPERT/GMIITS/HSBCMERIDIAN)
Subject: Re: [FW1] Decrypt Failure
Hi,
The eval license is OK. IT has ALL available features, so you can rule out
licensing.
Did you try to create your VPN again on both firewalls. I've had the same
problem
before and created the vpn between my to firewalls again. Including new
SPI's (I
used manual IPSEC) and rules. Try this and reinstall your policy on your
London and
Riyadh firewalls.
Good Luck !)
Danny Kruitbosch
RDC Datacentrum
The Netherlands
"Haji, Mohmed" schreef:
> Hello everyone,
>
> We have 2 VPNs in our Company.
>
> 1) From London to Riyadh (which we are having problems with)
> 2) From London to Dubai (which is fine)
>
> The Riyadh firewall was powered down suddenly due to admin problems with
our
> offices in Riyadh. It was off-line for about a month but has now come
> on-line again.
>
> I reinstalled the latest policy onto Riyadh and have checked System
Status
> Monitor and all looked to be OK.
>
> They are able to successfully connect to machines outside the encryption
> domain but not to machines inside it (i.e. they could make VPN
connections
> but not non-VPN connections). NB The VPN was working fine before the
> powerdown.
>
> I checked the firewall logs and saw that the traffic from London - Riyadh
> was OK.
>
> The traffic from Riyadh to London wasn't. I saw lots of key installs and
> encrypts BUT NO DECRYPTS. This is obviously the reason why it isn't
working.
>
> WHY IS NOT DECRYPTING THE DATA?
>
> I think I should point out that Dubai is properly licensed but Riyadh is
> relying on an eval licence. The Dubai licence has the features encul,
> vpndes, pfm
>
> Riyadh has an eval licence with the following features: controlx pfmx
oseu
> vpndes connect motif embedded ram1 srunlimit
>
> Our Tech Support insist that although Riyadh doesn't explicitly have
encul
> and pfm, the pfmx licence it does have includes both these features. Is
this
> correct ? ( I think it may the licences that are preventing the firewall
>
> Thanks to everyone in advance.
>
> Kind regards,
> Mohmed Haji
> Information Systems - Logica UK Ltd
> tel: +44 020 7446 2112
> fax: +44 (0)20 7468 7008
>
>
===========================================================================
=====
> To unsubscribe from this mailing list, please see the instructions
at
> http://www.checkpoint.com/services/mailing.html
>
===========================================================================
=====
**********************************************************************
This message originated from the Internet. Its originator may, or may
not be who they claim to be, and the information contained herein
may, or may not be accurate.
**********************************************************************
The HSBC Group's website is at http://www.hsbc.com
************************************************************************
HSBC Bank plc, which is regulated in the UK by SFA, has issued the
information contained in this message (including any attached documents)
for its non-private customers only. This message and any attachments are
not an invitation to buy or sell securities or related financial
instruments,
are confidential to the named recipient and may also be privileged. The
information should not be reproduced and/or distributed to any other
person. Internet communications are not secure and HSBC Bank plc
accepts no legal responsibility for the contents of this message.
HSBC Bank plc makes no representation and accepts no responsibility
or liability as to the completeness and accuracy of the information
contained in this message. Opinions may change without notice and
members of the HSBC Group may have positions in, or trade in instruments
mentioned in this message. Each page attached hereto must be read in
conjunction with any disclosure which forms part of it.
************************************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
