
Re: [FW1] Manual IPSEC question



Rick,
Add another rule (an IPSEC or IKE rule) on both firewalls.
my internal network - other internal network - IPSEC - Accept
other internal network - my internal network - IPSEC - Accept


----- Original Message -----
From: "Rick Camp" <[email protected]>
To: <[email protected]>
Sent: Friday, October 27, 2000 2:51 PM
Subject: [FW1] Manual IPSEC question


>
> I am having an issue with a Manual IPSEC between two firewall-1 boxes. Both
> are NT, one is 4.0 SP7 the other is 4.1 SP2.
>
> The encryption works, but it seems like it needs to be primed.  If I
> initiate a connection (ping, nbtstat, web browsing, etc) from only one side,
> it will be encrypted outbound, but there will be no response.  This is the
> same no matter which network I initiate the connection from.  However if I
> initiate a connection from both sides the encryption kicks in and works just
> fine even if everything else is initiated from only one network.  The next
> day it will need to be primed from both sides again even though the firewall
> was not reset and no security policy changes were made.
>
> My rulebase looks like this:
>
> my internal network - other internal network - any - encrypt
> other internal network - my internal network - any - encrypt
>
> If I combined these 2 rules into 1 would it solve the problem?
>
> I was initially trying to set up IKE or ISAKMP between the two, but this
> seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0
> won't do entire subnets with IKE yet.
>
> Any suggestions would be greatly appreciated.
>
> Thanks,
>
> Rick
>
>
> _______________________________________
> Rick Camp
> Welsh Consulting, Inc.
> 31 Milk Street, Suite 805
> Boston, MA 02109
>Tel
>Fax
> [email protected]
> www.welsh.com
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
   All contents © 2004 Network Presence, LLC. All rights reserved.