[Openswan Users] checkpoint NG AI and Openswan 2.1.2
Ji Hui
jhuichd at gmail.com
Mon Mar 14 23:13:07 CET 2005
To be more specific, the tunnel was up but it went down after a while
and ",,,No valid SA...." was logged in Checkpoint.
I found that it was mentioned that "A Linux FreeS/WAN-Checkpoint
connection may close after some time. Try this tip toward a
workaround" in http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/interop.html,
but the link to this tip was not valid any more, which is
http://lists.freeswan.org/archives/users/2003-October/msg00293.html.
Does anyone have any clue on this? Is this applicable to Openswan as well?
Thank you very much.
On Fri, 11 Mar 2005 11:44:37 -0600, Warnes, Jason SktnHR
<jason.warnes at saskatoonhealthregion.ca> wrote:
>
>
> I'm new to the list, but I hope this helps.
>
> I was running into a similar no valid SA problem with my Cisco PIX. The
> problem I had was that for each subnet that is defined on the PIX side
> of the VPN I needed a corresponding conn definition in my ipsec.conf file.
> I couldn't use a generic conn definition that covered all the subnets with a
> larger mask. So basically what this did was make separate SAD entries for
> each subnet I was going to on my Linux box.
>
> When your tunnel is up, check to see how many SAD entries you have and
> compare that to how many your Checkpoint is expecting. There should be a
> way to see that on your Checkpoint. Then just make sure that all the SPI
> numbers line up to each subnet properly.
>
> Jason...
>
>
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of Ji Hui
> Sent: Friday, March 11, 2005 9:19 AM
> To: users at openswan.org
> Subject: [Openswan Users] checkpoint NG AI and Openswan 2.1.2
>
> Hi,
>
> I was trying to configure site-to-site VPN with my partner who is using
> Checkpoint NG AI R55.
>
> I could establish the VPN from openswan to NG, but the other direction
> failed. And sometimes, the packets were dropped by NG, complaining no valid
> SA.
>
> Any advice?
>
> Thank you.
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
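One way to check the per-subnet advice in the quoted reply before bringing the tunnel up, as an added example that is not part of the original thread or of Openswan: it parses an ipsec.conf, resolves `also=` references, and reports for each subnet the peer expects whether an exact-match conn exists or only a wider mask covers it. The conn names, addresses and subnets are constructed, and the remote gateway is assumed to be the `right` side.

```python
import ipaddress
# Constructed sample ipsec.conf: one supernet conn plus one per-subnet conn.
SAMPLE_CONF = """\
conn peer-base
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    right=198.51.100.1

conn peer-supernet
    also=peer-base
    rightsubnet=172.16.0.0/16

conn peer-net10
    also=peer-base
    rightsubnet=172.16.10.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with also= references resolved."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line:
            continue
        if not line[0].isspace():              # section header, e.g. "conn name"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    def resolve(name, seen=()):
        params = dict(conns[name])
        base = params.pop("also", None)
        if base in conns and base not in seen:  # guard against also= loops
            params = {**resolve(base, seen + (name,)), **params}
        return params
    return {n: resolve(n) for n in conns}

def check_peer_subnets(text, expected):
    """Classify each subnet the peer expects: exact, supernet-only or missing."""
    nets = {n: ipaddress.ip_network(p["rightsubnet"])
            for n, p in parse_conns(text).items() if "rightsubnet" in p}
    report = {}
    for cidr in expected:
        want = ipaddress.ip_network(cidr)
        exact = [n for n, net in nets.items() if net == want]
        wider = [n for n, net in nets.items() if net != want and want.subnet_of(net)]
        report[cidr] = ("exact", exact) if exact else ("supernet-only", wider) if wider else ("missing", [])
    return report
```

A `supernet-only` result marks the case the reply describes, where a generic conn with a larger mask covers the subnet but no matching per-subnet conn exists.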