Hi folks, I have already started "vpn debug trunc". It was the ike.elg file / Ike-View where I saw, that Main-Mode failed after the 4th packet. I already opened a case at CP TAC, but as R62 is no more supported, I only get a support by "best effort".
@Claudio: At the moment the MTU is on both side - client and FW - at 1.500 byte. Where do I need to decrease it? I suppose on both sides, right? Best regards, Christian -----Ursprüngliche Nachricht----- Von: Mailing list for discussion of Firewall-1 [mailto:[email protected]] Im Auftrag von pkc_mls Gesendet: Donnerstag, 11. März 2010 11:12 An: [email protected] Betreff: Re: [FW-1] Problem with IPSec over L2TP Tunnel Köhler a écrit : > Hi folks, > > I have running R62 on mgmt. and on the module. When I am trying to establish > an IPSec over L2TP from a Microsoft XP-SP3 Client, the main-mode fails after > the 4th packet. > > I need to use certificates on the client side and the client side is behind > NAT. > enable vpn debug with "vpn debug trunc" on the gateway, then check ike.elg and vpnd.elg for more details about the failure. try to compare the output of the l2tp over ipsec and the secureclient dialog, and if there is nothing obvious, escalate to checkpoint. > Many thanks and best regards, > Christian Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Emergency Response Services Schnelle und zuverlässige Unterstützung bei IT-Sicherheitsvorfällen aller Art. Weitere Infos unter http://www.controlware.de/ers Diese E-Mail kann vertrauliche oder rechtlich geschützte Informationen enthalten. Wenn Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail. Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der enthaltenen Informationen ist nicht gestattet. The information contained in this message is confidential or protected by law. If you are not the intended recipient, please contact the sender and delete this message. Any unauthorised copying of this message or unauthorised distribution of the information contained herein is prohibited. Controlware GmbH Kommunikationssysteme Telefon: (0 60 74) 8 58-0 E-Mail: [email protected] http://www.controlware.de Sitz: 63128 Dietzenbach, Registergericht: Offenbach a.M., HRB Nr. 6431, USt.-Id.-Nr. DE 113539225 Geschäftsführung: Helmut E. Wörner (Vorsitzender), Bernd Schwefing, Hubert Potthoff Beirat: Dr. Gert Sieger (Vorsitzender), Dr. Peter Pagé, Kurt Sibold Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
