Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
375
Views
0
Helpful
2
Replies

PIX 515 to Checkpoint 4.1 - Only Checkpoint can Initiate Tunnel

bionicjoe
Level 1
Level 1

‎07-26-2005 12:31 PM

We have setup a VPN tunnel between our company (PIX 515e) & another company (Checkpoint 4.1) to transfer email. As it stands they can initiate a connection and send us mail, and we can return it for time while the tunnel is up. However we cannot initiate the tunnel on our own. Our mail must wait until they send mail, which creates the tunnel.

I have two possible theories:

1. The lifetimes do not match.

2. They have set up their connection one-way / deny inbound.

Since this forum can't help with #2, please answer this.

Will the connection/tunnel work at all if the lifetimes are incorrect? And would such a config error produce the above situation?

I need to know if the lifetimes are the issue, before I just stab at the problem.

I can't provide my config right now, but will do so if you think it helps.

Labels:
0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎07-29-2005 01:28 PM

ya.. lifetimes might be an issue. i had faced such problems before.. make suer you have the same values of configs on lifetime, interesting traffic, SA parameters etc...

Raj

0 Helpful

bionicjoe
Level 1
Level 1
In response to sachinraja

‎07-29-2005 01:50 PM

Actually we solved it!!

Finally got on the phone with the other company's service provider, and they debugged while I connected. They had PFS enabled (which shouldn't have been).

0 Helpful
Customers Also Viewed These Support Documents