[Openswan Users] Checkpoint R70 interop - subnet problem?

John Gorham gorhamj at dplcore.com
Wed Nov 3 12:04:18 EDT 2010

Device Details:

My Device: Linux kernel: 2.6.26-2-amd64, Openswan 2.6.28 (klips)
Business Partner's Device: Checkpoint - HW: ATM1070, SW: R70

When I establish the connection, all is well. When the other end 
(Checkpoint R70) attempts to bring up the tunnel, the following appears 
in the log (IPs have been sanitized):

Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: the peer proposed: ->
Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: cannot respond to IPsec SA request because no connection is known for<>[+S=C]...<>[+S=C]===
Nov  2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: sending encrypted notification INVALID_ID_INFORMATION to

Unfortunately (or fortunately), I have no hands-on experience with 
Checkpoint firewalls. I hope someone out there has a solution to the 
above issue and can help me guide the network administrator on the other 
end of the tunnel. The other administrator assures me that their subnet 
is defined in a "VPN Domain". However, in the screenshots he has shared, 
it looks like he has many, many VPN Domains applied to my 
"Interoperable Device".


John Gorham
Network Administrator
The DPL Group
www.dpl.ca <http://www.dpl.ca>
gorhamj at dplcore.com <mailto:gorhamj at dplcore.com>

506.532.8714 x203 (w)
