Cisco 1812 site to site vpn on checkpoint firewall

Discussion in 'Hardware' started by martysharkey, Oct 25, 2006.

  1. martysharkey

    Hi,

    I am a complete novice as far as Cisco goes, but I thought I would have a stab anyway.

    I have a Cisco 1812 router with 2 WAN ports and 8 LAN ports. Int 0 is configured as an outside interface and int 1 as internal. I am within a very complex environment and due to security restrictions I am only allowed to use port 500, so troubleshooting outside of this is a nightmare.

    I have been able to create a successful VPN connection to our head office, which uses a Checkpoint firewall to terminate the connection.

    I cannot, however, ping or access resources on the other end and get a log of bad packets sent very often.

    Using the new Cisco SDM interface I can test the tunnel, and the return is this:

    Router Details

    Attribute Value
    Router Model 1812W
    Image Name c181x-advipservicesk9-mz.124-2.XA.bin
    IOS Version 12.4(2)XA
    Hostname Router


    Test Activity Summary

    Activity Status
    Checking the tunnel status... Up


    Test Activity Details

    Activity Status
    Checking the tunnel status... Up
    Encapsulation :91
    Decapsulation :0
    Send Error :2
    Received Error :0


    Troubleshooting Results

    Failure Reason(s):
    A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets.

    Recommended Action(s):
    1) Contact your ISP/Administrator to resolve this issue.
    2) Issue the command 'crypto ipsec df-bit clear' under the VPN interface to avoid packets drop due to fragmentation.



    Can anyone advise me of what best to do?
     
    martysharkey, Oct 25, 2006
    #1
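
Added example (not part of the original post, and not Cisco or Check Point code): the SDM result above is about a full-MTU packet with the 'Do not Fragment' bit set being dropped on the path. The sketch below works out ESP tunnel-mode overhead to show how large an inner packet can be before the encrypted packet exceeds a given path MTU. The transforms (3DES or AES-CBC with a 96-bit HMAC), the absence of NAT-T, and the MTU values are assumptions; the post does not state them.

```python
"""ESP tunnel-mode size arithmetic (added example; all inputs are assumptions)."""

OUTER_IP = 20      # outer IPv4 header, no options
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1), inside the ciphertext
ICV = 12           # HMAC-SHA1-96 or HMAC-MD5-96 truncated tag

# cipher name -> (block size, IV size) for CBC-mode transforms
CIPHERS = {"3des": (8, 8), "aes-cbc": (16, 16)}


def esp_packet_size(inner_len, cipher):
    """Size on the wire of an ESP tunnel-mode packet carrying inner_len bytes."""
    block, iv = CIPHERS[cipher]
    # inner packet + trailer is padded up to a whole number of cipher blocks
    encrypted = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + ESP_HEADER + iv + encrypted + ICV


def max_inner_packet(path_mtu, cipher):
    """Largest inner IP packet whose ESP packet still fits in path_mtu."""
    block, iv = CIPHERS[cipher]
    room = path_mtu - OUTER_IP - ESP_HEADER - iv - ICV
    if room < block:
        raise ValueError("path MTU too small for this transform")
    return (room // block) * block - ESP_TRAILER


def df_probe_dropped(inner_len, path_mtu, cipher):
    """True if the encrypted packet exceeds path_mtu, so with DF set on the
    outer header it is dropped instead of being fragmented."""
    return esp_packet_size(inner_len, cipher) > path_mtu


def tcp_mss_for(path_mtu, cipher):
    """MSS that keeps TCP segments under the limit (20 IP + 20 TCP, no options)."""
    return max_inner_packet(path_mtu, cipher) - 40


if __name__ == "__main__":
    for mtu in (1500, 1400):          # constructed path MTUs
        for cipher in CIPHERS:
            print(mtu, cipher, max_inner_packet(mtu, cipher),
                  tcp_mss_for(mtu, cipher),
                  df_probe_dropped(1500, mtu, cipher))
```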