RE: [FW1] vpn problems




My suspicion is that you do not have your encryption domain set up properly for the Linux to NT encryption.

From what you are saying, the following is happening.

Net A -> NT -> Internet -> Linux -> Net B

When you send a ping from Net A to Net B, the NT FW sees that this should be encrypted and sends it off to the Linux box encrypted; the Linux box decrypts, the traffic hits the destination, and the destination replies. The reply traffic hits the Linux box. However, the Linux box decides NOT to encrypt the traffic.

The above example assumes the following. A. You do not have any asymmetric routing problems. Are these boxes connecting solely through the Internet, or do you have another link between the internal nets? B. That the destinations you are trying are routable addresses.

I would check that you have an encrypt rule for both directions and that the encryption domains are set up properly. 

Are you doing ping tests?  Are you trying end to end or firewall to firewall?

> -----Original Message-----
> From: Idan Dolev [mailto:[email protected]]
> Sent: Tuesday, September 26, 2000 4:42 AM
> To: Firewall_Mailing_List (E-mail)
> Subject: [FW1] vpn problems
>
>
>
> Hi guys,
>
> I am trying to establish a VPN connection between an NT firewall 4.0 sp5 and
> a Linux with 4.1 no sp. Both are in single gateways mode.
> I put the same secret key in both, defined the encryption domains and set
> the rules with IKE.
> However I have been getting the message "packet is not IPSEC scheme" in
> the NT firewall while in my Linux I see decrypt.
>
> Any suggestion ???
>
>
>



***********************************************************************
Gruntal & Co., L.L.C.'s e-mail system is for business purposes only.
Messages are not confidential. All e-mail may be reviewed by
authorized supervisors, compliance or internal audit personnel.
E-mail will be archived for at least three years and may be produced
to regulatory agencies or others with a legal right to access such
information. Gruntal will not accept trade order instructions via
e-mail. Please telephone your Account Executive to place trade orders.

Gruntal & Co., L.L.C.
***********************************************************************
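
The check the reply recommends (an encrypt rule in both directions and matching encryption domains on both gateways) can be modelled as below. This is an added example, not part of the original message and not Check Point's implementation; it is a simplified policy model, and the gateway names, networks and host addresses are constructed.

```python
from ipaddress import ip_address, ip_network

class Gateway:
    """Simplified model of one VPN gateway's policy (not Check Point's logic)."""

    def __init__(self, name, domains, encrypt_rules):
        self.name = name
        # This gateway's view of every encryption domain: {gateway: [CIDR, ...]}
        self.domains = {g: [ip_network(n) for n in nets] for g, nets in domains.items()}
        # Encrypt rules as (source CIDR, destination CIDR) pairs
        self.rules = [(ip_network(s), ip_network(d)) for s, d in encrypt_rules]

    def _domain_of(self, ip):
        for gw, nets in self.domains.items():
            if any(ip in net for net in nets):
                return gw
        return None

    def treats_as_vpn(self, src, dst):
        """True if this gateway would encrypt (or expect encryption for) src -> dst."""
        s, d = ip_address(src), ip_address(dst)
        ds, dd = self._domain_of(s), self._domain_of(d)
        in_two_domains = ds is not None and dd is not None and ds != dd
        return in_two_domains and any(s in rs and d in rd for rs, rd in self.rules)


def audit_flow(src, dst, near_gw, far_gw):
    """Check request and reply; report directions where the two gateways disagree."""
    findings = []
    for s, d, sender, receiver in ((src, dst, near_gw, far_gw), (dst, src, far_gw, near_gw)):
        sent, expected = sender.treats_as_vpn(s, d), receiver.treats_as_vpn(s, d)
        if sent != expected:
            findings.append((s, d, sender.name, "encrypted" if sent else "cleartext",
                             receiver.name, "encrypted" if expected else "cleartext"))
    return findings


# Constructed sample: Net A = 10.1.0.0/16 behind "nt", Net B = 10.2.0.0/16 behind "linux".
DOMAINS = {"nt": ["10.1.0.0/16"], "linux": ["10.2.0.0/16"]}
BOTH_WAYS = [("10.1.0.0/16", "10.2.0.0/16"), ("10.2.0.0/16", "10.1.0.0/16")]
nt = Gateway("nt", DOMAINS, BOTH_WAYS)
linux_one_way = Gateway("linux", DOMAINS, BOTH_WAYS[:1])   # reply-direction rule missing
linux_fixed = Gateway("linux", DOMAINS, BOTH_WAYS)

if __name__ == "__main__":
    for finding in audit_flow("10.1.5.10", "10.2.7.20", nt, linux_one_way):
        print("%s -> %s: %s sends %s, %s expects %s" % finding)
```

With the reply-direction rule missing on the Linux side, only the B to A leg is reported: the Linux gateway sends in the clear what the NT gateway expects encrypted.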


 