Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 4323 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site to Site Issue with Checkpoint FW

Longman
I have a site to site vpn with a customer. I am able to access resources on the remote network however when the customer tries to access my remote network we see the following errors in the ipsec vpn log. When these errors occur I can no longer access his remote network.

2015:09:09-09:11:30 sofirewall pluto[11340]: "S_REF_IpsSitIroboKlTest_0" #113: sending encrypted notification INVALID_MESSAGE_ID to 192.58.132.1:500
2015:09:09-09:11:34 sofirewall pluto[11340]: "S_REF_IpsSitIroboKlTest_0" #113: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3266b2a9 (perhaps this is a duplicated packet)

I have read one post that says the remote gateway on the sophos firewall should be configured to "respond only". Currently iy is set to "Initiate connection".


This thread was automatically locked due to age.
Parents
  • 0
    If you still need help, please click on [Go Advanced] below and attach pics of the Edits of the IPsec Connection and the Remote Gateway.  Also, with all 'Debug' selections off, disable the IPsec Connection, start the IPsec Live Log, enable the IPsec Connection and show us about 60 lines starting with the enabling of the Connection.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    If you still need help, please click on [Go Advanced] below and attach pics of the Edits of the IPsec Connection and the Remote Gateway.  Also, with all 'Debug' selections off, disable the IPsec Connection, start the IPsec Live Log, enable the IPsec Connection and show us about 60 lines starting with the enabling of the Connection.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML