Check to make sure the remote firewall is properly receiving the IP packets by using a packet sniffer. Something is blocking communication between the VPN endpoints. The remote firewall is not set up with encryption. The remote end does not currently have a rule that will decrypt the packet. The same is true for firewall B?its encryption domain should contain all the hosts behind firewall B, any translated IP addresses, and firewall B itself if it is used as a hide address. The firewall should be included if it is used as the hide address. The encryption domain for firewall A should contain all the hosts behind firewall A and any translated IP addresses (including hides). The "No response from peer" error message usually points to one of the following problems. If the packets are not reaching the gateway, FireWall-1 cannot encrypt or decrypt them. You may also want to use a packet sniffer (e.g., tcpdump, snoop, fw monitor) to verify that packets are reaching the gateway. Rules to permit IKE and ESP to the firewall Sometimes you may need to put explicit rules in the firewall permitting this traffic. IP protocols 50 and 51 (for any IPSec-related scheme)Īlso, you should make sure that NAT is not being performed on any of the packets. If there are any filtering routers along the way, make sure they permit the following protocols: 11.13 General Troubleshooting Guidelines for VPN ProblemsĮnsure that the appropriate kinds of traffic are being permitted between the two endpoints. Note that any error messages you see in the SmartView Tracker/Log Viewer are documented in the Check Point manuals. The following is a list of common problems and resolutions that relate to establishing a VPN.
0 kommentar(er)
