SCS is the SmartCenter server, aka manager, management server. You can tcpdump -i external-interface proto 50 and host x.x.x.x; x.x.x.x would be the remote gateway/endpoint IP.

Yes, the traffic between the internal hosts is encrypted when it leaves the external interface, encrypted with ESP, protocol 50 (Encapsulating Security Payload). After the IKE exchange, and once internal clients make some "interesting traffic" (try to get to the host(s) on the other end of the tunnel), you will/should see ESP/proto 50 between both gateway/endpoint IPs. The goal here is to see if you are doing ESP out of the proper interface and whether or not the ESP makes it to the other side.
-GS

________________________________
From: Frank Sackewitz <[email protected]>
To: [email protected]
Sent: Wed, January 6, 2010 3:22:13 PM
Subject: Re: [FW-1] VPN-Problem: no traffic thru tunnel

In my understanding I can only tcpdump on the inner interface. On the outside interface I cannot see anything because of encryption. On the inner interface I see no packets for protocol 50.

Humble question: what is SCS?

Best regards
Frank Sackewitz

Gary Scott <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
06.01.2010 18:01
Please respond to Mailing list for discussion of Firewall-1 <[email protected]>
To [email protected]
cc
Subject Re: [FW-1] VPN-Problem: no traffic thru tunnel

tcpdump for protocol 50 (ESP) on both gateway/endpoint interfaces.
In the logs you see both sides encrypting but no decrypts?
Are both gateways using same SCS?

________________________________
From: Frank Sackewitz <[email protected]>
To: [email protected]
Sent: Wed, January 6, 2010 11:20:23 AM
Subject: [FW-1] VPN-Problem: no traffic thru tunnel

hi @all,

I have some trouble with a vpn tunnel between two ngx gateways. Main mode and quick mode finished properly with all subnets. But I can't get any traffic thru the tunnel. It seems that the packets enter the tunnel and don't come out at the other end.

Any hints appreciated.

Thx
Frank

Subscribe to our newsletter now and always stay up to date!
HASCO Hasenclever GmbH + Co KG | Registered office: Lüdenscheid | Management | Mag. Christoph Ehrlich | HRA 3072 AG Iserlohn | General partner: Hasenclever GmbH | HRB 4493 AG Iserlohn | VAT ID DE 125796912 | Certified to DIN EN ISO 9001
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
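The check discussed in the thread above (is ESP leaving the external interface, and is any coming back from the peer), as an added example that is not part of the original messages. It summarises `tcpdump -n` text output per direction; the gateway addresses (documentation ranges) and the capture lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise ESP (IP protocol 50) direction between two VPN gateways
# from `tcpdump -n` text output. Addresses and sample lines are constructed.

# esp_summary LOCAL_GW REMOTE_GW  -- reads tcpdump -n lines on stdin
esp_summary() {
    awk -v l="$1" -v r="$2" '
        / ESP\(spi=/ {
            # line layout: time "IP" src ">" dst":" ESP(spi=...,seq=...), length N
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (src == l && dst == r)      out++
            else if (src == r && dst == l) inn++
            # ESP to or from any other peer belongs to a different tunnel: ignored
        }
        END {
            out += 0; inn += 0
            if (out && inn) v = "bidirectional"
            else if (out)   v = "outbound-only"
            else if (inn)   v = "inbound-only"
            else            v = "no-esp"
            printf "out=%d in=%d verdict=%s\n", out, inn, v
        }'
}

# Constructed capture as seen on the local gateway's external interface:
# three ESP packets leave for the peer, none return, one belongs to another tunnel.
sample_capture() {
cat <<'EOF'
15:22:01.100000 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
15:22:02.100000 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a1b2c3d,seq=0x2), length 116
15:22:02.400000 IP 203.0.113.9 > 192.0.2.1: ESP(spi=0x55667788,seq=0x9), length 84
15:22:03.100000 IP 192.0.2.1 > 198.51.100.2: ESP(spi=0x0a1b2c3d,seq=0x3), length 116
EOF
}

# Live use would pipe a real capture instead, for example:
#   tcpdump -n -i external-interface proto 50 and host x.x.x.x | esp_summary LOCAL REMOTE
sample_capture | esp_summary 192.0.2.1 198.51.100.2
```

Run against captures from both gateways: "outbound-only" on one side with "no-esp" on the other means the ESP packets are being lost between the gateways, while "inbound-only" on the far side means they arrive there and nothing is sent back.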
