Environment
Novell BorderManager 3.8 Support Pack 5
Situation
A site-to-site VPN with a Nokia Checkpoint VPN fails if it is initiated from BorderManager 3.8, but it works if it is initiated from the Checkpoint device.
The IKE.LOG file shows that Novell BorderManager is sending a PROXY ID 4 regardless of the configuration in iManager. A protected host behind the Checkpoint firewall has been configured in iManager, so Novell BorderManager should send a PROXY ID 1. This is what Checkpoint expects, and because it receives type 4 instead, the connection fails.
If Checkpoint initiates the connection, there is no issue, because Novell BorderManager accepts the setting sent by Checkpoint.
Resolution
This is fixed in IKE.NLM in Novell BorderManager 3.9.
Additional Information
The problem is that the snap-in stores the host IP with type 4 and mask 255.255.255.255. This has been changed so that IKE now sends the correct PROXY ID 1 when a host is configured.
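
The mismatch described above can be reproduced offline. The following is an added example, not Novell's code: it encodes the IPsec DOI ID payload body (RFC 2407) for a host entry stored with mask 255.255.255.255, once as type 4 and once as type 1. The function names, the sample address and the strict comparison by the peer are assumptions made for illustration.

```python
import ipaddress
import struct

# IPsec DOI identification types (RFC 2407, section 4.6.2.1).
ID_IPV4_ADDR = 1          # single host: 4 bytes of data
ID_IPV4_ADDR_SUBNET = 4   # subnet: 4-byte address + 4-byte mask
HOST_MASK = ipaddress.IPv4Address("255.255.255.255")

def encode_id_body(id_type, address, mask=None, protocol=0, port=0):
    """ID payload body: ID type, protocol ID, port, identification data."""
    data = ipaddress.IPv4Address(address).packed
    if id_type == ID_IPV4_ADDR_SUBNET:
        data += ipaddress.IPv4Address(mask).packed
    elif id_type != ID_IPV4_ADDR:
        raise ValueError(f"unsupported ID type {id_type}")
    return struct.pack("!BBH", id_type, protocol, port) + data

def decode_id_body(body):
    """Return (id_type, address, mask); mask is None for a host ID."""
    id_type, _protocol, _port = struct.unpack("!BBH", body[:4])
    data = body[4:]
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        return id_type, str(ipaddress.IPv4Address(data)), None
    if id_type == ID_IPV4_ADDR_SUBNET and len(data) == 8:
        return (id_type, str(ipaddress.IPv4Address(data[:4])),
                str(ipaddress.IPv4Address(data[4:])))
    raise ValueError("ID type and data length do not agree")

def proxy_id_as_stored(address, mask):
    """Behaviour described on this page: type 4 is sent with the stored mask."""
    return encode_id_body(ID_IPV4_ADDR_SUBNET, address, mask)

def proxy_id_normalised(address, mask):
    """Send type 1 when the stored mask marks a single host, type 4 otherwise."""
    if ipaddress.IPv4Address(mask) == HOST_MASK:
        return encode_id_body(ID_IPV4_ADDR, address)
    return encode_id_body(ID_IPV4_ADDR_SUBNET, address, mask)

def strict_peer_accepts(offered, expected):
    """Assumed strict responder: ID type and data must match exactly."""
    return decode_id_body(offered) == decode_id_body(expected)

if __name__ == "__main__":
    host, mask = "192.0.2.10", "255.255.255.255"   # constructed sample entry
    expected = encode_id_body(ID_IPV4_ADDR, host)  # what the peer has configured
    for name, build in (("stored", proxy_id_as_stored),
                        ("normalised", proxy_id_normalised)):
        offered = build(host, mask)
        print(name, offered.hex(), strict_peer_accepts(offered, expected))
```

Both encodings describe the same single host, but the type 4 body is four bytes longer and carries a different ID type, so a peer that compares the ID exactly rejects it.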