sofaware.infopop.cc
SofaWare Discussion Groups
SmartCenter Management
2 Edges HA Setup Problem, only at failover time.
Junior Member

Hello,

I just configured 2 VPN Edge devices for a new site. The primary one is connected via PPPoE to the i-net. The backup device is configured to use a Linksys NAT router to go online. Both Edge devices have the same enc. domain manually set. Both are configured to use a backup gateway (edgea points to edgeb and edgeb points to edgea) within SmartCenter.

VPN works over the edgea device with PPPoE in both directions. If I do a failover, the active master changes to edgeb and it initiates a new VPN session to the central gateway, but I can't get any traffic to the central site. Logs for IKE and IPsec are o.k. I always see something like this for the traffic:

Number: 398553
Date: 28Aug2007
Time: 9:36:19
Product: VPN-1 Pro/Express
Interface: eth1
Origin: membergw1
Type: Log
Action: Drop
Protocol: udp
Service: tunnel_test (18234)
Source: 192.168.99.3
Destination: membergwcluster (xx.xxx.xxx.xxx)
Source Port: tunnel_test (18234)
Encryption Scheme: IKE
VPN Peer Gateway: edgeb (0.0.0.13)
Encryption Methods: ESP: AES-256 + SHA1 + PFS
Subproduct: VPN
VPN Feature: VPN
Information: encryption failure: Wrong peer gateway for decrypted packet (VPN Error code 01)

I have updated from 6.0.34 to the latest 6.5 build and also to the 7.0 latest build. Same thing. (If I don't use HA mode and use the edgeb device as a standalone device behind the NAT router, it works without a problem.)

Hope somebody could help me. Need to get this working within the next 2 days.

Bye
Roman
Junior Member

Hello,

Did another test, with 2 new Edge devices, both directly connected via PPPoE, without NAT router. Same problem. It has nothing to do with NAT traversal as I had guessed 8-(.
Junior Member

OK.. Got it to work..

Define only one Edge device in SmartCenter and configure both Edge devices (pri and secondary Internet connection exactly the same). Register the second Edge with the same registration key as the first one.

Bye
Roman
Junior Member

Hi Roman,

Did you get the solution by playing around, or is this the HA setup recommended by Check Point? I was asking for a setup guide for a long time, because we ran into the same problem, but never got an answer.

Kind regards,
Alex
Junior Member

Hello,

It's a Check Point workaround, or design guideline. More info can be found in a longer thread at cpug.org, Edge forum, also from me.

Bye
Roman
