[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Manual IPSEC question
Please correct me if I'm wrong, but don't you mean: fw_me fw_them IPSec fw_they fw_me IPSec Thanks -- Chris --- dan snyder <[email protected]> wrote: > > Rick, > add another rule (an IPSEC or IKE rule) on both > firewalls. > my internal network - other internal network - IPSEC > - Accept > other internal network - my internal network - IPSEC > - Accept > > > ----- Original Message ----- > From: "Rick Camp" <[email protected]> > To: <[email protected]> > Sent: Friday, October 27, 2000 2:51 PM > Subject: [FW1] Manual IPSEC question > > > > > > I am having an issue with a Manual IPSEC between > two firewall-1 boxes. > Both > > are NT, one is 4.0 SP7 the other is 4.1 SP2. > > > > The encryption works, but is seems like it needs > to be primed. If I > > initiate a connection (ping, nbtstat, web > browsing, etc) from only one > side, > > it will be encrypted outbound, but there will be > no response. this is the > > same no matter which network I initiate the > connection from. However if I > > initiate a connection from both sides the > encryption kicks in and works > just > > fine even if everything else is initiated from > only one network. The next > > day it will need to be primed from both sides > again even though the > firewall > > was not reset and no security policy changes were > made. > > > > My rulebase looks like this: > > > > my internal network - other internal network - any > - encrypt > > other internal network - my internal network - any > - encrypt > > > > If I combined these 2 rules into 1 would it solve > the problem? > > > > I was initially trying to set up IKE or ISAKMP > between the two, but this > > seemed to complicated until the 4.0 box was > upgraded to 4.1 because 4.0 > > won't do entire subnets with IKE yet. > > > > Any suggestions would be greatly appreciated. > > > > Thanks, > > > > Rick > > > > > > _______________________________________ > > Rick Camp > > Welsh Consulting, Inc. > > 31 Milk Street, Suite 805 > > Boston, MA 02109 > >Tel > >Fax > > [email protected] > > www.welsh.com > > > > > > > > > ============================================================================ > ==== > > To unsubscribe from this mailing list, please > see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ============================================================================ > ==== > > > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ __________________________________________________ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|