Members,
I've configured a VPN between two Checkpoint Firewall-1/VPN-1 Gateways using Manual
IPSec encryption. Both Firewalls are running version 4.1sp1 software with strong
encryption and they are managed from the same management station.
In the first place everything seems to work just fine. I can initiate sessions from a
host in encryption domain A to a host in encryption domain B and vice versa.
But after a period of inactivity it's not possible to initiate a connection from
encryption domain A towards encryption domain B. The logging shows that the Gateway
protecting encryption domain A is correctly encrypting the traffic, but there are no
logging messages showing that the gateway protecting encryption domain B is decrypting
the traffic.
Even stranger is the fact that when the session is initiated from encryption domain B
towards encryption domain A everything works just fine, and traffic from encryption
domain A towards encryption domain B is also possible again. It's also notified in the
logging of gateway B that this firewall is decrypting traffic from encryption domain A
towards encryption domain B again.
Both firewall objects are configured in the same way. There are no spoofing rules
dropping any traffic and if they were there the VPN wouldn't work in the first place.
Both firewalls are also using the same encryption and authentication methods.
Is this a bug, or does anyone have suggestions as to what the problem could be?
Regards, Andre van der Lans