[FW1] RE: Manual IPSEC question
One additional item: the firewalls are not managed by the same management stations. So this is basically an extranet configuration.

Thanks again

Rick

_______________________________________
Rick Camp
Welsh Consulting, Inc.
31 Milk Street, Suite 805
Boston, MA 02109
Tel
Fax
[email protected]
www.welsh.com

> -----Original Message-----
> From: Rick Camp
> Sent: Friday, October 27, 2000 2:51 PM
> To: '[email protected]'
> Subject: Manual IPSEC question
>
> I am having an issue with a Manual IPSEC between two firewall-1 boxes.
> Both are NT, one is 4.0 SP7 the other is 4.1 SP2.
>
> The encryption works, but it seems like it needs to be primed. If I
> initiate a connection (ping, nbtstat, web browsing, etc.) from only one
> side, it will be encrypted outbound, but there will be no response. This
> is the same no matter which network I initiate the connection from.
> However, if I initiate a connection from both sides, the encryption kicks in
> and works just fine even if everything else is initiated from only one
> network. The next day it will need to be primed from both sides again
> even though the firewall was not reset and no security policy changes were
> made.
>
> My rulebase looks like this:
>
> my internal network - other internal network - any - encrypt
> other internal network - my internal network - any - encrypt
>
> If I combined these 2 rules into 1 would it solve the problem?
>
> I was initially trying to set up IKE or ISAKMP between the two, but this
> seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0
> won't do entire subnets with IKE yet.
>
> Any suggestions would be greatly appreciated.
>
> Thanks,
>
> Rick
>
>
> _______________________________________
> Rick Camp
> Welsh Consulting, Inc.
> 31 Milk Street, Suite 805
> Boston, MA 02109
> Tel
> Fax
> [email protected]
> www.welsh.com