<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
Device Details:<br>
<br>
My Device: Linux kernel: 2.6.26-2-amd64, Openswan 2.6.28 (klips)<br>
Business Partner's Device: Checkpoint - HW: ATM1070, SW: R70<br>
<br>
<br>
When I establish the connection, all is well. When the other end
(Checkpoint R70) attempts to bring up the tunnel, the following appears
in the log (IPs have been sanitized):<br>
<br>
Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: the peer
proposed: 192.168.1.0/24:0/0 -> 0.0.0.0/0:0/0<br>
Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: cannot respond
to IPsec SA request because no connection is known for
192.168.1.0/24===72.1.1.1<72.1.1.1>[+S=C]...63.1.1.1<63.1.1.1>[+S=C]===0.0.0.0/0<br>
Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: sending
encrypted notification INVALID_ID_INFORMATION to 63.1.1.1:500<br>
<br>
<br>
Unfortunately (or fortunately), I have no hands-on experience with
Checkpoint firewalls. I hope someone out there has a solution to the
above issue and can help me guide the network administrator on the
other end of the tunnel. The other administrator assures me that their
subnet is defined in a "VPN Domain". However, in the screenshots he has
shared, it looks like he has many, many VPN Domains applied to my
"Interoperable Device".<br>
<br>
<div class="moz-signature">-- <br>
<br>
<br>
________________________________<br>
John Gorham<br>
Network Administrator<br>
The DPL Group<br>
<a href="http://www.dpl.ca">www.dpl.ca</a><br>
<a href="mailto:gorhamj@dplcore.com">gorhamj@dplcore.com</a><br>
<br>
506.532.8714 x203 (w)<br>
</div>
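<br>
Added example, not part of the original post: a small Python check that reads pluto's "the peer proposed" lines and compares the offered selectors with the locally configured subnet pairs. The first sample line is the one quoted above, rejoined onto one line; the second sample line and the configured partner subnet 10.0.0.0/24 are constructed assumptions.<br>
<br>
<pre>
```python
import ipaddress
import re

# First line: the "peer proposed" entry from the post, rejoined onto one line.
# Second line: constructed, showing a proposal that matches the local policy.
SAMPLE_LOG = """\
Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: the peer proposed: 192.168.1.0/24:0/0 -> 0.0.0.0/0:0/0
Nov 2 17:55:02 openswan01 pluto[4001]: "conn_name" #21: the peer proposed: 192.168.1.0/24:0/0 -> 10.0.0.0/24:0/0
"""

# Assumption: the post does not show ipsec.conf, so 10.0.0.0/24 is a
# hypothetical partner subnet. Pairs are (local subnet, peer subnet).
CONFIGURED = [("192.168.1.0/24", "10.0.0.0/24")]

# Groups: connection name, state number, local selector, peer selector.
# Side order follows the post's "no connection is known for" line, where
# 192.168.1.0/24 sits on the 72.1.1.1 side and 0.0.0.0/0 on the 63.1.1.1 side.
PROPOSED = re.compile(
    r'"([^"]+)" #(\d+): the peer proposed: '
    r'([0-9.]+/\d+):\d+/\d+ -> ([0-9.]+/\d+):\d+/\d+'
)

def check_proposals(log_text, configured):
    """Classify every 'the peer proposed' line against the configured pairs."""
    policy = [(ipaddress.ip_network(a), ipaddress.ip_network(b))
              for a, b in configured]
    results = []
    for line in log_text.splitlines():
        m = PROPOSED.search(line)
        if m is None:
            continue
        local = ipaddress.ip_network(m.group(3))
        peer = ipaddress.ip_network(m.group(4))
        if (local, peer) in policy:
            verdict = "match"
        elif any(a.subnet_of(local) and b.subnet_of(peer) for a, b in policy):
            # Offered range contains the configured pair but is not equal to it.
            verdict = "proposal wider than configured"
        else:
            verdict = "no matching connection"
        results.append({"conn": m.group(1), "state": int(m.group(2)),
                        "local": str(local), "peer": str(peer),
                        "verdict": verdict})
    return results

if __name__ == "__main__":
    for entry in check_proposals(SAMPLE_LOG, CONFIGURED):
        print(entry)
```
</pre>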
</body>
</html>