[Openswan Users] Checkpoint R70 interop - subnet 0.0.0.0/0 problem?
John Gorham
gorhamj at dplcore.com
Wed Nov 3 12:04:18 EDT 2010
Device Details:
My Device: Linux kernel: 2.6.26-2-amd64, Openswan 2.6.28 (klips)
Business Partner's Device: Checkpoint - HW: ATM1070, SW: R70
When I establish the connection, all is well. When the other end
(Checkpoint R70) attempts to bring up the tunnel, the following appears
in the log (IPs have been sanitized):
Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: the peer proposed: 192.168.1.0/24:0/0 -> 0.0.0.0/0:0/0
Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: cannot respond to IPsec SA request because no connection is known for 192.168.1.0/24===72.1.1.1<72.1.1.1>[+S=C]...63.1.1.1<63.1.1.1>[+S=C]===0.0.0.0/0
Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: sending encrypted notification INVALID_ID_INFORMATION to 63.1.1.1:500
Unfortunately (or fortunately), I have no hands-on experience with
Checkpoint firewalls. I hope someone out there has a solution to the
above issue and can help me guide the network administrator on the other
end of the tunnel. The other administrator assures me that their subnet
is defined in a "VPN Domain". However, in the screenshots he has shared,
it looks like he has many, many VPN Domains applied to my
"Interoperable Device".
--
________________________________
John Gorham
Network Administrator
The DPL Group
www.dpl.ca <http://www.dpl.ca>
gorhamj at dplcore.com <mailto:gorhamj at dplcore.com>
506.532.8714 x203 (w)
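
As an added example (not part of the original post and not Openswan code), one way to check pluto's "the peer proposed" lines against the selectors a connection is configured for. The function names and the 10.20.0.0/16 subnet are assumptions made for illustration; the post does not give the partner's real subnet.

```python
import ipaddress
import re

# pluto Quick Mode line: "<conn>" #N: the peer proposed: NET:proto/port -> NET:proto/port
PROPOSED = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: the peer proposed: '
    r'(?P<first>[0-9.]+/\d+):\d+/\d+ -> (?P<second>[0-9.]+/\d+):\d+/\d+'
)

def classify(proposed, configured):
    """Relate one proposed selector to the configured one."""
    if proposed == configured:
        return "match"
    if configured.subnet_of(proposed):
        return "too-broad"   # e.g. 0.0.0.0/0 offered instead of the real subnet
    if proposed.subnet_of(configured):
        return "too-narrow"
    return "unrelated"

def audit(log_lines, configured):
    """Return (conn, selector, verdict) for every proposed selector that differs.

    configured maps conn name -> (first_net, second_net), given in the same
    left-to-right order in which pluto prints them in the log line.
    """
    findings = []
    for line in log_lines:
        m = PROPOSED.search(line)
        if not m or m["conn"] not in configured:
            continue
        for key, want in zip(("first", "second"), configured[m["conn"]]):
            got = ipaddress.ip_network(m[key], strict=False)
            verdict = classify(got, ipaddress.ip_network(want))
            if verdict != "match":
                findings.append((m["conn"], str(got), verdict))
    return findings

# Log lines from the post, rejoined. 10.20.0.0/16 is a constructed placeholder
# for the partner's subnet (assumption, not from the post).
SAMPLE_LOG = [
    'Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: the peer proposed: 192.168.1.0/24:0/0 -> 0.0.0.0/0:0/0',
    'Nov 2 17:49:21 openswan01 pluto[4001]: "conn_name" #20: sending encrypted notification INVALID_ID_INFORMATION to 63.1.1.1:500',
]
CONFIGURED = {"conn_name": ("192.168.1.0/24", "10.20.0.0/16")}

if __name__ == "__main__":
    for conn, net, verdict in audit(SAMPLE_LOG, CONFIGURED):
        print(f"{conn}: peer offered {net} ({verdict})")
```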