[FW1] VPN with v4.1 and v4.0
I have a dozen firewalls, 5 of which are managed from a remote management console, and 7 of which are managed from my management console. I recently upgraded my management console to CP 2000, or version 4.1. I have no problems managing my firewall from this.

Last night I upgraded my local firewall gateway from v4.0 to v4.1. I changed the object definition to reflect the fact that the firewall is now at 4.1. Everything seems to work just fine on the firewall, except that now encryption is broken to all of the other firewalls.

My 7 firewalls all use my management console for their CA, and the other 5 use the other management console for their CA. I was able to generate new keys for the 4.1 firewall, which of course replaced the keys on all of my 7 firewalls. I pushed out new policies to all of my firewalls, then got the keys from the remote management server and pushed out policies to the 5 other firewalls. Basically, everybody now has new keys, and fresh policies. Encryption still works among all of the firewalls except for mine.

The only error message I'm getting from the firewalls is "Failed to reply scheme: FWZ" from my firewall trying to VPN to others. From external firewalls, trying to VPN to me, I get: "No peer gateway found for the destination sheme: FWZ"

I cloned my disk last night before the upgrade, so today I just booted from the old disk, after changing the object definition of the firewall to be 4.0 again. The firewall came up just fine as a 4.0 firewall, fetched the new policy, and encryption works again between this one and all of the others.

What am I missing? It doesn't seem to be a rule problem, because it works great under 4.0. Nothing changes in terms of the rules or the object definition from 4.0 to 4.1 (except the box that shows the firewall version, of course), and yet encryption breaks.

Any help would be appreciated. Sorry for such a long post.
Jason