Site to site VPN with a Nokia Checkpoint VPN fails if initiated from the BorderManager 3.8

  • 3532695
  • 14-Nov-2007
  • 26-Apr-2012

Environment


Novell BorderManager 3.8 Support Pack 5

Situation

A site-to-site VPN with a Nokia Checkpoint VPN fails if it is initiated from BorderManager 3.8, but it works if it is initiated from the Checkpoint device.
The IKE.LOG file shows that Novell BorderManager is sending a PROXY ID 4 regardless of the configuration in iManager. A protected host behind the Checkpoint firewall is configured in iManager, so Novell BorderManager should send a PROXY ID 1. This is what Checkpoint expects, and because it receives type 4, the negotiation fails.
If Checkpoint initiates the connection, there is no issue, as Novell BorderManager accepts the setting sent by Checkpoint.

Resolution

This is fixed in the IKE.NLM in Novell BorderManager 3.9.

Additional Information

The problem is that the snap-in stores the host IP with type 4 and mask 255.255.255.255. This has been changed so that IKE now sends the correct PROXY ID 1 when a host is configured.
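
The mismatch described above, as an added example that is not Novell's code: it encodes the same protected host both ways and shows why a peer that compares the ID type rejects one of them. It assumes the proxy ID types 1 and 4 on this page are the RFC 2407 identification types ID_IPV4_ADDR and ID_IPV4_ADDR_SUBNET; the function names and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import struct

# RFC 2407 identification types (assumed to be the page's "PROXY ID" numbers)
ID_IPV4_ADDR = 1         # single host: 4-byte address
ID_IPV4_ADDR_SUBNET = 4  # subnet: 4-byte address + 4-byte mask
HOST_MASK = ipaddress.IPv4Address("255.255.255.255")


def encode_proxy_id(address, mask, normalize_host=True):
    """Build an ID payload body: type, protocol ID, port, identification data."""
    addr, netmask = ipaddress.IPv4Address(address), ipaddress.IPv4Address(mask)
    if normalize_host and netmask == HOST_MASK:
        # A /32 entry is a host, so send it as type 1 without the mask.
        return struct.pack("!BBH", ID_IPV4_ADDR, 0, 0) + addr.packed
    return struct.pack("!BBH", ID_IPV4_ADDR_SUBNET, 0, 0) + addr.packed + netmask.packed


def decode_proxy_id(body):
    """Return (id_type, address, mask) parsed from an ID payload body."""
    if len(body) < 4:
        raise ValueError("ID payload body shorter than its 4-byte header")
    id_type, _protocol, _port = struct.unpack("!BBH", body[:4])
    data = body[4:]
    expected = {ID_IPV4_ADDR: 4, ID_IPV4_ADDR_SUBNET: 8}.get(id_type)
    if expected is None or len(data) != expected:
        raise ValueError(f"unsupported or malformed ID type {id_type}")
    mask = ipaddress.IPv4Address(data[4:]) if expected == 8 else HOST_MASK
    return id_type, ipaddress.IPv4Address(data[:4]), mask


def diagnose(offered, expected):
    """Compare the initiator's proxy ID with the one the responder expects."""
    o_type, o_addr, o_mask = decode_proxy_id(offered)
    e_type, e_addr, e_mask = decode_proxy_id(expected)
    if (o_addr, o_mask) != (e_addr, e_mask):
        return "different selector"
    if o_type != e_type:
        return f"same host, but sent as type {o_type} where type {e_type} is expected"
    return "match"


# Constructed sample: 192.0.2.10 is a documentation address, not from the page.
stored_as_subnet = encode_proxy_id("192.0.2.10", "255.255.255.255", normalize_host=False)
sent_as_host = encode_proxy_id("192.0.2.10", "255.255.255.255")
print(diagnose(stored_as_subnet, sent_as_host))
print(diagnose(sent_as_host, sent_as_host))
```

Both encodings select the same single host; only the type byte and the trailing mask differ, which is enough for a responder that matches on ID type to refuse the proposal.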