
RE: [FW1] Manual IPSEC question



Rick,

Did you try to alter the AH and the ESP of the IPSec encryption scheme?
I've faced the same problem: the tunnel wasn't working with 3DES ESP and SHA1 AH, but
with MD5 AH everything worked just fine.

Looks like a bug to me,

Regards, Andre



----------
From: 	Rick Camp[SMTP:[email protected]]
Sent: 	Friday, October 27, 2000 7:51 PM
To: 	'[email protected]'
Subject: 	[FW1] Manual IPSEC question


I am having an issue with a Manual IPSEC between two firewall-1 boxes.  Both
are NT, one is 4.0 SP7 the other is 4.1 SP2.  

The encryption works, but it seems like it needs to be primed.  If I
initiate a connection (ping, nbtstat, web browsing, etc) from only one side,
it will be encrypted outbound, but there will be no response.  This is the
same no matter which network I initiate the connection from.  However if I
initiate a connection from both sides the encryption kicks in and works just
fine even if everything else is initiated from only one network.  The next
day it will need to be primed from both sides again even though the firewall
was not reset and no security policy changes were made.

My rulebase looks like this:

my internal network - other internal network - any - encrypt
other internal network - my internal network - any - encrypt

If I combined these 2 rules into 1 would it solve the problem?

I was initially trying to set up IKE or ISAKMP between the two, but this
seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0
won't do entire subnets with IKE yet.

Any suggestions would be greatly appreciated.

Thanks,

Rick


_______________________________________
Rick Camp
Welsh Consulting, Inc. 
31 Milk Street, Suite 805 
Boston, MA 02109TelFax 
[email protected] 
www.welsh.com



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.