I'm trying to setup a 3rd party S2S VPN to a checkpoint appliance.
I have a BM 3.8 server patched to SP5 on a 6.5 SP7 server. I have been followed the steps outlined in Craig's latest book although he uses a Linksys device in his example.

On the surface (as best I can tell) my configuration is correct. But when the server initiates a connection as echoed on the console eg,

"Call connection established for protocol IP destination VPTUNNEL@IPADDRESS"

No traffic destined for the checkpoint device ever leaves the server. If I do a stopvpn, start an TCP IP debug, then do a startvpn. The conlog never shows any traffic to specified checkpoint IP. The IKE console is also static.

I'm testing this with filters disabled.

If I change the checkpoint slaves authentication method from Non BM PSK to say BM 3.8 certificate based authentication. The server will actually attempt to connect to the checkpoint slave. A trace shows packets being sent and received plus plenty of IKE activity is seen.

But when I switch back to PSK on the checkpoint slave.......................nothing. This is what I see in using CSAUDIT:

- A VPN site licence has been acquired
- Started VPNIBF.NLM
- Started VPNMaster.nlm
- The trusted root container of this VPN server is TRC-VPNSERVER.context
- Server is hosting Site-To_Site Services
- Configured server certificate is ServerCert - VPNServer.context
- VPN GetRootCert: Read trusted root certs from TRC - VPNServer.context
- VPN S2S service trusted root container is TRC - VPNServer.context
- VPNGettRootCert: Read trusted root certs from TRC - VPNServer.context
- Server VPNServer added to IPSEC
- Policy:Tunnel.3rdpartyVPNRules.VPNS2SVPNServer.con text has been
added / modified
-Policy:Tunnel_DEFAULT_RULE.3rdPartyVPNRules.VPNS2S VPNServer.context has been added/modified
- S2S Call initiation direction is both sides
- S2S topology is mesh
- Policy: Default_Traffic_Rule.VPNRules.VPNS2SVPNServer.cont ext has been added/modified
- VPN Member Tunnel is configured for outbound call
- Configured RIP file to indicate that the VPN tunnel is active
- VPN tunnel routed to
- VPN tunnel routed to
- Enable IP Routes
- SPX/IPX is bound to the VPN tunnel
- TCP/IP is bound to the VPN tunnel
- Server VPNServer removed from IPSEC
- Server Tunnel added to IPSEC
- VPN control is reinitializing system
- Waiting for reinitialize system to start
- Reinitialize system started to process commands
- The VPTunnel is initializing
- Configuring VPN member VPNServer
- The VPTunnel has been initialized
- Configured VPN member VPNServer
- Configured vendor member Tunnel
- Initiated an IP call to Tunnel@IPADDRESS
- The trusted root container of this VPN server is TRC - VPNServer.context
- The configured server certificate is ServerCert - VPNServer.context
- VPNGetRootCert: Read trusted root cert from TRC - VPNServer.context
- Send update cfg to 1 for type of mask = 7, typeofcfg=1
- Send update cfg to 2 for type of mask = 31, typeofcfg=1

__________________End of Log_____________________________

The last two lines of the csaudit log are always the same. I thought it may
have been an Imanager issue not setting the correct values or something.
I was using version 2.7. As this is not currently a production server I rebuilt it from scratch but this time installed the standalone version of Imanager 2.6SP4

I seeing exactly the same issue as I was before. If any body could possibly tell me where I'm going wrong it would be greatly appreciated.