Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] VPN between two private networks without NAT

To: "'[email protected]'" <[email protected]>
Subject: [FW1] VPN between two private networks without NAT
From: "Grigson, Phil" <[email protected]>
Date: Tue, 27 Feb 2001 16:33:08 -0000
Sender: [email protected]

I have a common scenario, two private networks that need to be connected
with a VPN over the Internet. We need to machines talk across the VPN using
their internal network addresses, ie no NAT.

I have the VPN set up in both Firewalls, and a machine in one network can
tracert successfully to a machine in the other network.  However, trying the
reverse causes the ICMP reply to be rejected by the encryption rule with the
following info:

encryption failure: Packet is not IPSEC scheme: IKE

One network is protected by FW-1 4.1 SP3 running on a Nokia 440, the other
by FW-1 4.1 SP2 on an NT4 box. Coming from the network beyond the NT
firewall to the network behind the Nokia firewall works, but not from Nokia
-> NT.

I read that this can occur if one box is one box is SP2 or SP3 and the other
is SP1, but that doesn't appear to apply in this case.

Is anyone able to help me out with some advice on where to tackle this?


_________________________________________________________________

Notice of Confidentiality

This transmission contains information which may be confidential
and which may also be privileged. Unless you are the intended
recipient of the message (or authorised to receive it for the
intended recipient) you may not copy, forward or use it, or
disclose it or its contents to anyone else.

If you have received this transmission in error please notify us
immediately at:

[email protected]   or

IT Manager:  +44 1737 241144
Fax:         +44 1737 241496


Watson Wyatt Partners is regulated by the Institute of Actuaries 
in the conduct of UK investment business.
_________________________________________________________________


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Question about user authentication
Next by Date: RE: [FW1] Need some info: "Unknown established TCP packet"
Previous by thread: RE: [FW1] Problem installing sp3 of Firewall one on Solaris 2.7
Next by thread: RE: [FW1] VPN between two private networks without NAT
Index(es):
- Date
- Thread