Re: [FW1] ISAKMP not work for illegal IPs
The two firewalls will require a route to the other's workstation object IP address. That is, if the firewall a object contains address x.x.x.x with interfaces x.x.1.x, x.x.2.x, and firewall b has y.y.y.y as its workstation object IP with interfaces y.y.1.y, y.y.2.y, the only way the two boxes will VPN between each other is if firewall a has a valid route to y.y.y.y and vice versa.

-Hope I haven't confused you even more...

CryptoTech

"LIM, Norman" wrote:

> Hello,
>
> I have 2 firewalls on v4 patch 4058 and switched the firewalls to use ISAKMP
> for the VPN instead of FWZ. However, I can only successfully run the VPN by
> taking legal IP. Any attempts to talk illegal IP will either have nothing
> shown in the log or a reject entry saying that the packet is not ISAKMP.
>
> The encryption domains have been set correctly.
>
> If I add the following rules into the beginning of the security policy,
> before the encryption rule,
>
> Firewall-A, Firewall-B, ISAKMP, Accept
> Firewall-B, Firewall-A, ISAKMP, Accept
>
> The VPN does not allow legal IP. Illegal IP continues to be not working.
>
> Do you have any idea what is wrong? Thanks in advance!
>
> Cheers,
> Norman Lim
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
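The routing requirement described in the reply above, as an added example that is not part of the original post: a longest-prefix-match check that each gateway has a route to the other gateway's workstation object IP. The gateway names, addresses and routing tables are constructed, and the example assumes "illegal IP" means an RFC 1918 private address, which a default route toward the Internet will not actually deliver.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def best_route(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no match."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def check_peer_routes(gateways):
    """Return {(local, peer): status} for every ordered pair of gateways."""
    results = {}
    for local, cfg in gateways.items():
        for peer, peer_cfg in gateways.items():
            if peer == local:
                continue
            target = peer_cfg["object_ip"]
            route = best_route(cfg["routes"], target)
            private = any(ipaddress.ip_address(target) in n for n in RFC1918)
            if route is None:
                status = "no-route"
            elif route[0].prefixlen == 0 and private:
                # Assumption: only the default route covers a private peer
                # address, so upstream routers will drop the IKE packets.
                status = "default-only-private"
            else:
                status = "ok"
            results[(local, peer)] = status
    return results

# Constructed sample: fw-a's object uses an internal (private) address,
# fw-b's object uses an external one (documentation range).
GATEWAYS = {
    "fw-a": {"object_ip": "10.1.1.1",
             "routes": [("0.0.0.0/0", "192.0.2.254"),
                        ("192.0.2.0/24", "direct"), ("10.1.0.0/16", "direct")]},
    "fw-b": {"object_ip": "198.51.100.1",
             "routes": [("0.0.0.0/0", "198.51.100.254"),
                        ("198.51.100.0/24", "direct"), ("10.2.0.0/16", "direct")]},
}

if __name__ == "__main__":
    for pair, status in check_peer_routes(GATEWAYS).items():
        print(pair, status)
```

With the sample data, fw-b reaches fw-a's object IP only through its default route, which is the asymmetric case the reply says must be fixed on both sides.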