[Openswan Users] Checkpoint R70 interop - subnet 0.0.0.0/0 problem?

John Gorham gorhamj at dplcore.com
Wed Nov 3 12:04:18 EDT 2010


Device Details:

My Device: Linux kernel: 2.6.26-2-amd64, Openswan 2.6.28 (klips)
Business Partner's Device: Checkpoint - HW: ATM1070, SW: R70


When I establish the connection, all is well. When the other end 
(Checkpoint R70) attempts to bring up the tunnel, the following appears 
in the log (IPs have been sanitized):

Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: the peer proposed: 192.168.1.0/24:0/0 -> 0.0.0.0/0:0/0
Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: cannot respond to IPsec SA request because no connection is known for 192.168.1.0/24===72.1.1.1<72.1.1.1>[+S=C]...63.1.1.1<63.1.1.1>[+S=C]===0.0.0.0/0
Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: sending encrypted notification INVALID_ID_INFORMATION to 63.1.1.1:500


Unfortunately (or fortunately), I have no hands-on experience with 
Checkpoint firewalls. I hope someone out there has a solution to the 
above issue and can help me guide the network administrator on the other 
end of the tunnel. The other administrator assures me that their subnet 
is defined in a "VPN Domain". However, in the screenshots he has shared, 
it looks like he has many, many VPN Domains applied to my 
"Interoperable Device".



-- 


________________________________
John Gorham
Network Administrator
The DPL Group
www.dpl.ca <http://www.dpl.ca>
gorhamj at dplcore.com <mailto:gorhamj at dplcore.com>

506.532.8714 x203 (w)
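
An added example, not part of the original post: a small Python check that reads pluto's "the peer proposed" lines and reports which traffic selector differs from the locally configured subnets. The `CONFIGURED` table and its remote subnet `10.20.30.0/24` are assumptions made up for illustration; the post does not give the real values.

```python
import ipaddress
import re

# Log lines from the post (sanitized there), with mail wrapping undone.
LOG = """\
Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: the peer proposed: 192.168.1.0/24:0/0 -> 0.0.0.0/0:0/0
Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: sending encrypted notification INVALID_ID_INFORMATION to 63.1.1.1:500
"""

# ASSUMED local policy, not given in the post: (local subnet, remote subnet)
# per conn. 10.20.30.0/24 is a constructed placeholder.
CONFIGURED = {"conn_name": ("192.168.1.0/24", "10.20.30.0/24")}

# In the post's log 0.0.0.0/0 sits on the 63.1.1.1 side, the address the
# notification is sent to, so the second selector is read as the peer's.
PROPOSED = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: the peer proposed: '
    r"(?P<local>[\d.]+/\d+):\d+/\d+ -> (?P<remote>[\d.]+/\d+):\d+/\d+"
)


def relation(proposed, configured):
    """Describe the proposed selector relative to the configured one."""
    p, c = ipaddress.ip_network(proposed), ipaddress.ip_network(configured)
    if p == c:
        return "equal"
    if c.subnet_of(p):
        return "wider"
    if p.subnet_of(c):
        return "narrower"
    return "disjoint"


def check_proposals(log_text, configured):
    """Return (conn, side, proposed, configured, relation) per mismatch."""
    findings = []
    for m in PROPOSED.finditer(log_text):
        if m["conn"] not in configured:
            continue  # no local policy to compare against
        for side, want in zip(("local", "remote"), configured[m["conn"]]):
            rel = relation(m[side], want)
            if rel != "equal":
                findings.append((m["conn"], side, m[side], want, rel))
    return findings


if __name__ == "__main__":
    for conn, side, got, want, rel in check_proposals(LOG, CONFIGURED):
        print(f"{conn}: {side} selector {got} is {rel} vs configured {want}")
```
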



