
[FW1] RE: Manual IPSEC question



One additional item: the firewalls are not managed by the same management
stations.  So this is basically an extranet configuration.

Thanks again

Rick

_______________________________________
Rick Camp
Welsh Consulting, Inc. 
31 Milk Street, Suite 805 
Boston, MA 02109
Tel
Fax
[email protected] 
www.welsh.com

>  -----Original Message-----
> From: 	Rick Camp  
> Sent:	Friday, October 27, 2000 2:51 PM
> To:	'[email protected]'
> Subject:	Manual IPSEC question
> 
> I am having an issue with a Manual IPSEC between two firewall-1 boxes.
> Both are NT, one is 4.0 SP7 the other is 4.1 SP2.  
> 
> The encryption works, but it seems like it needs to be primed.  If I
> initiate a connection (ping, nbtstat, web browsing, etc) from only one
> side, it will be encrypted outbound, but there will be no response.  This
> is the same no matter which network I initiate the connection from.
> However if I initiate a connection from both sides the encryption kicks in
> and works just fine even if everything else is initiated from only one
> network.  The next day it will need to be primed from both sides again
> even though the firewall was not reset and no security policy changes were
> made.
> 
> My rulebase looks like this:
> 
> my internal network - other internal network - any - encrypt
> other internal network - my internal network - any - encrypt
> 
> If I combined these 2 rules into 1 would it solve the problem?
> 
> I was initially trying to set up IKE or ISAKMP between the two, but this
> seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0
> won't do entire subnets with IKE yet.
> 
> Any suggestions would be greatly appreciated.
> 
> Thanks,
> 
> Rick
> 
> 
> _______________________________________
> Rick Camp
> Welsh Consulting, Inc. 
> 31 Milk Street, Suite 805 
> Boston, MA 02109 
>Tel 
>Fax 
> [email protected] 
> www.welsh.com
> 

