<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2657.73">
<TITLE>RE: [Openswan Users] checkpoint NG AI and Openswan 2.1.2</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>I'm new to the list, but I hope this helps.</FONT>
</P>
<P><FONT SIZE=2>I was running into a similar no valid SA problem with my Cisco PIX. The problem I had was that for each subnet that is defined on the PIX side of the VPN I needed a corresponding conn definition in my ipsec.conf file. I couldn't use a generic conn definition that covered all the subnets with a larger mask. So basically what this did was make separate SAD entries for each subnet I was going to on my Linux box.</FONT></P>
<P><FONT SIZE=2>When your tunnel is up, check to see how many SAD entries you have and compare that to how many your Checkpoint is expecting. There should be a way to see that on your Checkpoint. Then just make sure that all the SPI numbers line up to each subnet properly.</FONT></P>
<P><FONT SIZE=2>Jason...</FONT>
</P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: users-bounces@openswan.org [<A HREF="mailto:users-bounces@openswan.org">mailto:users-bounces@openswan.org</A>] On Behalf Of Ji Hui</FONT>
<BR><FONT SIZE=2>Sent: Friday, March 11, 2005 9:19 AM</FONT>
<BR><FONT SIZE=2>To: users@openswan.org</FONT>
<BR><FONT SIZE=2>Subject: [Openswan Users] checkpoint NG AI and Openswan 2.1.2</FONT>
</P>
<P><FONT SIZE=2>Hi,</FONT>
</P>
<P><FONT SIZE=2>I was trying to configure site-to-site VPN with my partner who is using Checkpoint NG AI R55.</FONT>
</P>
<P><FONT SIZE=2>I could establish the VPN from openswan to NG, but the other direction failed. And sometimes, the packets were dropped by NG, complaining no valid SA.</FONT></P>
<P><FONT SIZE=2>Any advice? </FONT>
</P>
<P><FONT SIZE=2>thank you.</FONT>
</P>
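<P><FONT SIZE=2>Added example, not part of the original thread or of Openswan: a small Python check for the situation the reply describes, reporting peer subnets that have no exactly matching conn in ipsec.conf and conns whose larger mask covers several peer subnets. It assumes the peer is the "right" side, that the peer's subnet list is supplied by hand, and that also= includes are not used; all addresses and conn names are constructed.</FONT></P>

```python
"""Added example: audit ipsec.conf conns against a peer's per-subnet SA layout."""
import ipaddress

# Constructed sample: one larger-mask conn plus one exact per-subnet conn.
SAMPLE_CONF = """\
conn %default
    authby=secret

conn peer-all
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    right=198.51.100.1
    rightsubnet=10.20.0.0/16

conn peer-net1
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    right=198.51.100.1
    rightsubnet=10.20.1.0/24
"""

def parse_conns(text, key="rightsubnet"):
    """Return {conn name: ip_network} for each conn section that sets `key`."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # header: "conn NAME" or "config setup"
            parts = line.split()
            current = parts[1] if parts[0] == "conn" and len(parts) > 1 else None
        elif current and current != "%default" and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k == key:
                conns[current] = ipaddress.ip_network(v)
    return conns

def audit(text, peer_subnets):
    """Return (peer subnets lacking an exact conn, conns that cover peer subnets)."""
    conns = parse_conns(text)
    peers = [ipaddress.ip_network(s) for s in peer_subnets]
    exact = set(conns.values())
    missing = [str(p) for p in peers if p not in exact]
    covering = {name: [str(p) for p in peers if p != net and p.subnet_of(net)]
                for name, net in conns.items()}
    return missing, {n: c for n, c in covering.items() if c}
```

<P><FONT SIZE=2>Each subnet reported as missing needs its own conn, and each conn reported as covering is a candidate for splitting into one conn per peer subnet.</FONT></P>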
</BODY>
</HTML>