Re: [FW1] Manual IPSEC question
Rick,

Add another rule (an IPSEC or IKE rule) on both firewalls.

my internal network - other internal network - IPSEC - Accept
other internal network - my internal network - IPSEC - Accept

----- Original Message -----
From: "Rick Camp" <[email protected]>
To: <[email protected]>
Sent: Friday, October 27, 2000 2:51 PM
Subject: [FW1] Manual IPSEC question

>
> I am having an issue with a Manual IPSEC between two firewall-1 boxes. Both
> are NT, one is 4.0 SP7 the other is 4.1 SP2.
>
> The encryption works, but it seems like it needs to be primed. If I
> initiate a connection (ping, nbtstat, web browsing, etc) from only one side,
> it will be encrypted outbound, but there will be no response. This is the
> same no matter which network I initiate the connection from. However if I
> initiate a connection from both sides the encryption kicks in and works just
> fine even if everything else is initiated from only one network. The next
> day it will need to be primed from both sides again even though the firewall
> was not reset and no security policy changes were made.
>
> My rulebase looks like this:
>
> my internal network - other internal network - any - encrypt
> other internal network - my internal network - any - encrypt
>
> If I combined these 2 rules into 1 would it solve the problem?
>
> I was initially trying to set up IKE or ISAKMP between the two, but this
> seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0
> won't do entire subnets with IKE yet.
>
> Any suggestions would be greatly appreciated.
>
> Thanks,
>
> Rick
>
> _______________________________________
> Rick Camp
> Welsh Consulting, Inc.
> 31 Milk Street, Suite 805
> Boston, MA 02109
> Tel
> Fax
> [email protected]
> www.welsh.com
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================