Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: VPN problem for FW-1 Checkpoint

from [Randall Paige] Network Security [Permanent Link]
Subject: Re: VPN problem for FW-1 Checkpoint
Date: Fri, 22 Oct 2004 06:46:40 -0700 (PDT) 
Alvin:

No response from peer is simple to diagnose, first
verify that the IKE/UDP 500 packets are leaving your
firewall's external interface and the partner's
firewall is not responding back.  This message is
generated when there is not a response from the
partner's firewall/gateway.
The vpn tunnel should not go down and have to be
re-created on a normal policy install, although it
sounds like your firewall attempted to re-create the
tunnel.  Depending on the partner's gateway, it may
think the VPN tunnel is currently up and will not
accept the IKE packet from your gateway. Some gateways
will not accept an IKE packet requesting to negotiate
a new tunnel if it currently has an existing IKE/IPSEC
tunnel.


--- Alvin Wong <alvin.wong@b2b.com.my> wrote:


Hi all,

I have a problem with production firewall FW-1
Checkpoint with VPN 
running constantly for 2 years. However with a
normal policy update 
yesterday, the VPN function stopped working. VPN is
using IKE with DES, 
MD5, shared secret. Tunnel checked out fine on both
site firewalls , all 
configuration is correct.

I have 2 types of errors, encryption failure: no
response from 
peer.scheme: IKE

and

encryption failure: Packet is not IPSEC scheme: IKE

Any Checkpoint gurus out there can shed light on
this problem or share 
experiences and troubleshooting on this form of
failure?

Regards,
Alvin





                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Browser redirect to proxy, Alexander Norell
Next by Date:  Re: Browser redirect to proxy, David M. Zendzian
Previous by Thread:  VPN problem for FW-1 Checkpoint, Alvin Wong
Next by Thread:  VPN Connections on PIX 506e, just1coder
Indexes:  [Date] [Thread] [Top] [All Lists]