05-21-2009 11:15 AM
I have recently upgraded a pair of NS50 Firewalls to SSG140s everything went great however the LAN2LAN VPNs from all sites did not work, when I was configuring the pair of SSGs I "cut and pasted" the VPN config into the command line on the SSG.
I am thinking now that this is causing the issues though on some of the VPNs - it is also failing on phase two and is quite random.
Do you think it would be best to not use legacy config and start everything from scratch ?
I will have to contact a few other vendors to change their configs which is a right pain ...
05-21-2009 11:20 AM
If there were some issue with the keys, I dont think the vpn would come up at all. Could you show us the "get event" when the vpn went down?
That will give us a better idea of what was going on.
05-23-2009 12:56 AM
What firmware you were running in NS50 and what firmware are you running in SSG140 ?
The only difference is just about the interfaces and SSG has Bgroups.
Please provide the
1) get ike coo
2) get sa
3) get event
Then we oeuld have better understanding of the problem