Hi all
I have set up a VPN between a Checkpoint FW1 (v4.1 sp3) and a Cisco 827.
The tunnel installs correctly and I can connect from the FW1 subnet to the
Cisco subnet but not the other way around.
When I try to connect from the Cisco subnet I can see the packets enter
the access list that defines the tunnel but I see no entry on the FW1 log.
Conversely I see the logging fine when I connect from the FW1 subnet to the
Cisco end.
Is there anything that I am missing? I have included some debug from the
Cisco router.
Thanks
Duncan

Saltley-EM-827#sh crypto ip sa
interface: Dialer1
Crypto map tag: Saltley, local addr. 195.137.x.x
local ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
current_peer: 194.201.x.x
PERMIT, flags={origin_is_acl,}
#pkts encaps: 74, #pkts encrypt: 74, #pkts digest 74
#pkts decaps: 38, #pkts decrypt: 38, #pkts verify 38
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 195.137.x.x, remote crypto endpt.: 194.201.x.x
path mtu 1500, media mtu 1500
current outbound spi: 6B50AEB9
inbound esp sas:
spi: 0x33A426D2(866395858)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2000, flow_id: 1, crypto map: Saltley
sa timing: remaining key lifetime (k/sec): (4607996/3237)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x6B50AEB9(1800449721)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2001, flow_id: 2, crypto map: Saltley
sa timing: remaining key lifetime (k/sec): (4607991/3237)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
local ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
current_peer: 194.201.x.x
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 195.137.x.x, remote crypto endpt.: 194.201.x.x
path mtu 1500, media mtu 1500
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:

Saltley-EM-827#sh crypto is sa
dst src state conn-id slot
194.201.x.x 195.137.x.x QM_IDLE 5 0
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59517&t=59517
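
The per-selector counters in the `sh crypto ip sa` output above can be summarised mechanically. This is an added example, not part of the original post: the function names and note wording are hypothetical, the sample text is constructed from the output above, and the notes describe what the counters show without diagnosing the cause.

```python
import re

# Constructed sample: the two selector blocks from the post, trimmed to the lines parsed here.
SAMPLE = """\
local ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
#pkts encaps: 74, #pkts encrypt: 74, #pkts digest 74
#pkts decaps: 38, #pkts decrypt: 38, #pkts verify 38
#send errors 1, #recv errors 0
current outbound spi: 6B50AEB9
local ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0)
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#send errors 0, #recv errors 0
current outbound spi: 0
"""

IDENT = re.compile(r"(local|remote) ident .*?\(([\d.]+/[\d.]+)/\d+/\d+\)")
COUNTER = re.compile(r"#(?:pkts )?(encaps|decaps|send errors|recv errors):? (\d+)")
SPI = re.compile(r"current outbound spi: (\w+)")

def parse_sa_blocks(text):
    """Return one dict per local/remote ident pair with its counters and outbound SPI."""
    blocks = []
    for line in text.splitlines():
        m = IDENT.search(line)
        if m and m.group(1) == "local":  # a new selector pair starts here
            blocks.append({"spi": "0", "local": None, "remote": None})
        if not blocks:
            continue
        if m:
            blocks[-1][m.group(1)] = m.group(2)
        blocks[-1].update((k, int(v)) for k, v in COUNTER.findall(line))
        if (s := SPI.search(line)):
            blocks[-1]["spi"] = s.group(1)
    return blocks

def review(blocks):
    pairs = {(b["local"], b["remote"]) for b in blocks}
    out = []
    for b in blocks:
        checks = {
            "no outbound SA": int(b["spi"], 16) == 0,
            "errors counted": b.get("send errors", 0) + b.get("recv errors", 0) > 0,
            "mirrored selector also present": (b["remote"], b["local"]) in pairs,
        }
        out.append((b["local"], b["remote"], [n for n, hit in checks.items() if hit]))
    return out
```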