ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

Config issues from NS50 to SSG140

05.21.09   |  
‎05-21-2009 11:15 AM

Hi All

 

I have recently upgraded a pair of NS50 Firewalls to SSG140s everything went great however the LAN2LAN VPNs from all sites did not work, when I was configuring the pair of SSGs I "cut and pasted" the VPN config into the command line on the SSG.

 

I am thinking now that this is causing the issues though on some of the VPNs - it is also failing on phase two and is quite random.

 

Do you think it would be best to not use legacy config and start everything from scratch ?

I will have to contact a few other vendors to change their configs which is a right pain ...

 

Thanks

 

--M--

2 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Config issues from NS50 to SSG140

05.21.09   |  
‎05-21-2009 11:20 AM

If there were some issue with the keys, I dont think the vpn would come up at all. Could you show us the "get event" when the vpn went down?

That will give us a better idea of what was going on.

 

 

****pls click the button " Accept as Solution" if my post helped to solve your problem****
ScreenOS Firewalls (NOT SRX)

Re: Config issues from NS50 to SSG140

05.23.09   |  
‎05-23-2009 12:56 AM

Hi,

 

What firmware you were running in NS50 and what firmware are you running in SSG140 ?

The only difference is just about the interfaces and SSG has Bgroups.

Please provide the

1) get ike coo

2) get sa

3) get event

 

Then we oeuld have better understanding of the problem

 

Thanks