Hi all I have set up a VPN between a Checkpoint FW1 (v4.1 sp3) and a Cisco 827. The tunnel installs correctly and I can connect from the FW1 subnet to the Cisco subnet but not the other way around.
When I try to connect from the Cisco subnet I can see the packets enter the access list that defines the tunnel but I see no entry on the FW1 log. Conversely I see the logging fine when I connect from the FW1 subnet to the Cisco end. Is there anything that I am missing? I have included some debug from the Cisco router. Thanks Duncan Saltley-EM-827#sh crypto ip sa interface: Dialer1 Crypto map tag: Saltley, local addr. 195.137.x.x local ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0) remote ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0) current_peer: 194.201.x.x PERMIT, flags={origin_is_acl,} #pkts encaps: 74, #pkts encrypt: 74, #pkts digest 74 #pkts decaps: 38, #pkts decrypt: 38, #pkts verify 38 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 195.137.x.x, remote crypto endpt.: 194.201.x.x path mtu 1500, media mtu 1500 current outbound spi: 6B50AEB9 inbound esp sas: spi: 0x33A426D2(866395858) transform: esp-des esp-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2000, flow_id: 1, crypto map: Saltley sa timing: remaining key lifetime (k/sec): (4607996/3237) IV size: 8 bytes replay detection support: Y inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0x6B50AEB9(1800449721) transform: esp-des esp-md5-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2001, flow_id: 2, crypto map: Saltley sa timing: remaining key lifetime (k/sec): (4607991/3237) IV size: 8 bytes replay detection support: Y outbound ah sas: outbound pcp sas: local ident (addr/mask/prot/port): (10.7.0.0/255.255.0.0/0/0) remote ident (addr/mask/prot/port): (10.14.0.0/255.255.0.0/0/0) current_peer: 194.201.x.x PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: 195.137.x.x, remote crypto endpt.: 194.201.x.x path mtu 1500, media mtu 1500 current outbound spi: 0 inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: Saltley-EM-827#sh crypto is sa dst src state conn-id slot 194.201.x.x 195.137.x.x QM_IDLE 5 0 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59517&t=59517 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]