Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > General Computer Discussion > Hardware > Cisco 1812 site to site vpn on checkpoint firewall

Thread Tools

Cisco 1812 site to site vpn on checkpoint firewall

martysharkey martysharkey is offline
Junior Member
Join Date: Oct 2006
Posts: 1

I am a complete novice as far as cisco goes but i thought i would have a stab anyway.

I have a cisco 1812 router 2 WAN ports and 8 LAN ports. int 0 is configured as an outside interface and int 1 as internal. i am within a very complex enveirnment and due to security restrictions i am only allowed to use port 500, so troubleshooting outside of this is a nightmare.

i have been able to create a successful vpn connection to our head office which uses a checkpoint firewall to terminate the connection.

I cannot however ping or access resources on the other end and get a log of bad packets sent very often.

Using the new cisco sdm interface i can test the tunnel and the return is this

Router Details

Attribute Value
Router Model 1812W
Image Name c181x-advipservicesk9-mz.124-2.XA.bin
IOS Version 12.4(2)XA
Hostname Router

Test Activity Summary

Activity Status
Checking the tunnel status... Up

Test Activity Details

Activity Status
Checking the tunnel status... Up
Encapsulation :91
Decapsulation :0
Send Error :2
Received Error :0

Troubleshooting Results Failure Reason(s) Recommended Action(s)

A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets. 1)Contact your ISP/Administrator to resolve this issue. 2)Issue the command 'crypto ipsec df-bit clear' under the VPN interface to avoid packets drop due to fragmentation.

can anyone advise me of what best t do?
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
IPSec VPN Cisco 1812 and ASA 5510 Dav Cisco 2 05-05-2009 07:32 AM
1812 site-to-site VPN DynDNS question SS Cisco 2 01-12-2008 08:16 PM
Cisco VPN client OK - Checkpoint VPN client not OK Ned Cisco 0 10-12-2007 01:02 PM
Site to site VPN - PIX to Checkpoint Cisco 5 07-07-2007 06:56 AM
Cisco IPSEC VPN to CheckPoint firewall and linux server concern qazaka Cisco 0 10-09-2003 08:18 AM