07-26-2005 12:31 PM
We have set up a VPN tunnel between our company (PIX 515e) & another company (Checkpoint 4.1) to transfer email. As it stands they can initiate a connection and send us mail, and we can return it for a time while the tunnel is up. However we cannot initiate the tunnel on our own. Our mail must wait until they send mail, which creates the tunnel.
I have two possible theories:
1. The lifetimes do not match.
2. They have set up their connection one-way / deny inbound.
Since this forum can't help with #2, please answer this.
Will the connection/tunnel work at all if the lifetimes are incorrect? And would such a config error produce the above situation?
I need to know if the lifetimes are the issue, before I just stab at the problem.
I can't provide my config right now, but will do so if you think it helps.
07-29-2005 01:28 PM
Ya.. lifetimes might be an issue. I had faced such problems before.. make sure you have the same values of configs on lifetime, interesting traffic, SA parameters etc...
Raj
07-29-2005 01:50 PM
Actually we solved it!!
Finally got on the phone with the other company's service provider, and they debugged while I connected. They had PFS enabled (which shouldn't have been).
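Added example, not part of the original thread: a small Python model of how a one-sided PFS setting can produce the "they can bring the tunnel up, we cannot" symptom described above. The peer names, the DH group, the lifetimes, and the two behaviours marked as assumptions (a peer without PFS configured still accepts PFS when it is offered, and differing lifetimes settle on the shorter value) are constructed for illustration and are not taken from either device's configuration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Phase2Policy:
    """One peer's IPsec (phase 2) settings. All values used below are constructed."""
    name: str
    pfs_group: Optional[int]   # DH group used for PFS; None means PFS is off
    lifetime_s: int            # configured SA lifetime in seconds
    accepts_offered_pfs: bool  # assumption: performs PFS if the peer asks, even when not configured


def negotiate(initiator: Phase2Policy, responder: Phase2Policy) -> Tuple[bool, str]:
    """Model one quick-mode attempt started by `initiator`."""
    offered = initiator.pfs_group
    if responder.pfs_group is not None:
        # A responder that has PFS configured insists on a matching PFS exchange.
        if offered is None:
            return False, f"{responder.name} requires PFS, {initiator.name} offered none"
        if offered != responder.pfs_group:
            return False, f"PFS group mismatch: {offered} vs {responder.pfs_group}"
    elif offered is not None and not responder.accepts_offered_pfs:
        return False, f"{responder.name} refuses the PFS it was offered"
    # Assumption: a lifetime mismatch does not fail the SA; the shorter value wins.
    lifetime = min(initiator.lifetime_s, responder.lifetime_s)
    pfs = f"group {offered}" if offered is not None else "off"
    return True, f"SA up, PFS {pfs}, lifetime {lifetime}s"


def who_can_initiate(a: Phase2Policy, b: Phase2Policy) -> Dict[str, Tuple[bool, str]]:
    """Try the negotiation in both directions and report each outcome."""
    return {f"{a.name}->{b.name}": negotiate(a, b),
            f"{b.name}->{a.name}": negotiate(b, a)}


# Constructed policies: local side has no PFS, remote side has PFS on (before the fix).
LOCAL = Phase2Policy("local", None, 28800, True)
REMOTE_BEFORE = Phase2Policy("remote", 2, 3600, False)
REMOTE_AFTER = Phase2Policy("remote", None, 3600, False)

if __name__ == "__main__":
    for label, remote in (("before fix", REMOTE_BEFORE), ("after fix", REMOTE_AFTER)):
        for direction, (ok, detail) in who_can_initiate(LOCAL, remote).items():
            print(f"{label:10} {direction:15} {'OK  ' if ok else 'FAIL'} {detail}")
```
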