RE: [FW1] Manual IPSEC question
Rick,

Did you try to alter the AH and the ESP of the IPSec encryption scheme? I've faced the same problem: the tunnel wasn't working with 3DES ESP and SHA1 AH, but with MD5 AH everything worked just fine. Looks like a bug to me.

Regards,
Andre

----------
From: Rick Camp[SMTP:[email protected]]
Sent: Friday, October 27, 2000 7:51 PM
To: '[email protected]'
Subject: [FW1] Manual IPSEC question

I am having an issue with a Manual IPSEC between two firewall-1 boxes. Both are NT, one is 4.0 SP7 the other is 4.1 SP2. The encryption works, but it seems like it needs to be primed. If I initiate a connection (ping, nbtstat, web browsing, etc.) from only one side, it will be encrypted outbound, but there will be no response. This is the same no matter which network I initiate the connection from. However, if I initiate a connection from both sides, the encryption kicks in and works just fine even if everything else is initiated from only one network. The next day it will need to be primed from both sides again even though the firewall was not reset and no security policy changes were made.

My rulebase looks like this:

my internal network - other internal network - any - encrypt
other internal network - my internal network - any - encrypt

If I combined these 2 rules into 1 would it solve the problem? I was initially trying to set up IKE or ISAKMP between the two, but this seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0 won't do entire subnets with IKE yet.

Any suggestions would be greatly appreciated.

Thanks,
Rick
_______________________________________
Rick Camp
Welsh Consulting, Inc.
31 Milk Street, Suite 805
Boston, MA 02109
Tel Fax
[email protected]
www.welsh.com

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================

______________________________________________________________________________
This message has been checked for all known viruses by KPN IV-Scan, Powered by MessageLabs. For further information visit: http://www.veiliginternet.nl
______________________________________________________________________________