Kristian_Nyquis
Contributor

problem with vpn between 77.20 and 80.20


Hi

I have a solution with a central fw with 80.10 and then two 1430 appliances with 77.20.

Between the 80.10 and the 77.20 I have created a Star VPN network. One of the 77.20 can connect to the 80.10 fw without any problem and is working fine; the second one does not get any connection.

The 77.20 have a connection to the management server that is working, and the 77.20 are centrally managed.

On the 77.20 that cannot get the VPN working I get the below error in the log.

Any ideas what the problem can be?

Untitled.png

Timothy_Hall
Champion

It is almost certainly a CRL retrieval issue. The 1430 that is not working is being presented with your main gateway's certificate for authentication in IKE Phase 1, but cannot retrieve the CRL URL embedded in the certificate from the SMS for some reason. In the SmartConsole on the main gateway object, go to IPSec VPN and View the certificate. Look at the embedded CRL URL; that is what the problematic 1430 is not able to retrieve for some reason, and you need to troubleshoot from there.

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
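The CRL check suggested in the reply above can be scripted. This is an added example, not part of the original thread or any Check Point tooling. It assumes the gateway certificate has been exported to a PEM file (the name `gateway.pem` is hypothetical) and that the script runs on a host with `openssl` and `curl` that shares the affected 1430's network path to the SMS.

```sh
#!/bin/sh
# Added example (not from the thread): list the CRL distribution point URLs in
# a certificate and test whether each can be fetched and parsed as a CRL.
# Assumption: the gateway certificate has been exported to a PEM file.

# Print one CRL distribution point URI per line (needs OpenSSL 1.1.1+ for -ext).
crl_urls() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
        grep -o 'URI:[^[:space:]]*' | sed 's/^URI://'
}

# Fetch one URL and confirm the body parses as a CRL (DER first, then PEM).
# Prints the CRL's nextUpdate on success.
# Returns 0 = valid CRL, 1 = could not fetch, 2 = fetched but not a CRL.
check_crl() {
    _tmp=$(mktemp) || return 1
    _rc=0
    if ! curl -fsS --max-time 10 -o "$_tmp" "$1"; then
        _rc=1
    elif ! openssl crl -inform DER -in "$_tmp" -noout -nextupdate 2>/dev/null &&
         ! openssl crl -inform PEM -in "$_tmp" -noout -nextupdate 2>/dev/null; then
        _rc=2
    fi
    rm -f "$_tmp"
    return "$_rc"
}

# Check every CRL URL in the certificate; returns non-zero if any check fails
# or if the certificate carries no CRL distribution point at all.
check_cert_crls() {
    _urls=$(crl_urls "$1")
    [ -n "$_urls" ] || { echo "no CRL distribution point in $1"; return 3; }
    _failed=0
    for _url in $_urls; do
        _r=0
        check_crl "$_url" || _r=$?
        case $_r in
            0) echo "OK        $_url" ;;
            1) echo "NO FETCH  $_url"; _failed=1 ;;
            *) echo "NOT A CRL $_url"; _failed=1 ;;
        esac
    done
    return "$_failed"
}

# Usage: sh crlcheck.sh gateway.pem
if [ "$#" -ge 1 ]; then check_cert_crls "$1"; fi
```

A `NO FETCH` result points at routing, filtering or name resolution between the site and the CRL host, while `NOT A CRL` means something on the path answered with other content.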
Kristian_Nyquis
Contributor

I did remove the 1430 from my config and then added it again; then it did work.

I did notice in the config and the logfiles that in some places the IP on the 1430 was 0.0.0.2 and in some places 0.0.0.3. When I removed the 1430 and then added it back, I did get 0.0.0.4 in the config.
