[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] problem with IKE vpn
In network address translation policy, add the following rules: NET-A>>>NET-B>>ANY>>ORIGINAL NET-B>>>NET-A>>ANY>>ORIGINAL Do it on both Firewalls. When IPSEC tunnel is established, no NAT needs to be done on either side of the tunnel, because all the ip headers from the internal networks are encapsulated in the gateway's external IP address. HTH Michael. -----Original Message----- From: Mick Gunter [mailto:[email protected]] Sent: Wednesday, March 21, 2001 8:31 PM To: [email protected] Subject: [FW1] problem with IKE vpn Hello, Am working on setting up a point to point IKE VPN between two Nokia IP330 boxes. both are vpn-1 4.1 sp2. After configuring both sides for VPN, I can originate communication from site A to site B but not from Site B to site A. The curious thing in the logs is that on site A (the site that seems to work) when I ping site B the log records the actual (invalid) IP addresses for both the source and destination node On site B (the site that doesn't work) the log file records the external if of site A's firewall. I have hide nat configured for both internal network subnets. thanks in advance for assistance, Mick ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|