We have set up an IPsec site-to-site VPN tunnel with an ASA5510 and Checkpoint on the remote side. The ASA5510 is running version 7.2.1. The VPN tunnel comes up, but when users use Windows Remote Desktop to access the remote servers, the user sessions get disconnected automatically after a few minutes. We have tested the same setup replacing the ASA5510 with a PIX 515E and there are no problems.
I am having the same trouble with AS/400 sessions, and I can't seem to find any solution to the problem. Cisco is no help. Does anyone know of a problem with Checkpoints? Why does it work OK with the PIX515? Does Checkpoint need to be updated? Any suggestions?
Could you post your config, especially the parts related to crypto and isakmp?
We have a similar scenario using an ASA5520 connecting to our partner, and on the other DR site a PIX515E connecting to the same partner, to Checkpoint in both cases, and AS/400 and other sessions have no problem at all.
Also, is it only happening with remote desktop sessions or with everything?
I faced the same issue. I migrated the existing PIX 515E to an ASA 5510, and one of the site-to-site VPN tunnels was with a Checkpoint firewall, and I got the same behaviour. On the Checkpoint end they were getting so many log errors of "Packet is dropped because there is no valid SA".
I made it work by changing the crypto map configuration to dynamic, so it will accept any IPSec SA from the Checkpoint end.
I would appreciate it if there is a fix/solution for this.