
[FW1] IKE VPN Illegal <---> Illegal



Hi,

I have the following setup...
Checkpoint 4.1 SP3 Stand-Alone on NT 4.0 SP6a (both machines)

Internal_NetA(172.16.1.0) ------> FW-A ---router---> Internet <---------FW-B <---router-------- Internal_NetB(192.168.1.0)

I'm using IKE with a shared secret, 3DES + MD5.
Phase 1 and Phase 2 complete without any problems.
The rule is as follows:

#   Source           Destination      Service   Action
1-  Internal_NetA    Internal_NetB    ANY       Encrypt
2-  Internal_NetB    Internal_NetA    ANY       Encrypt

Encryption domain is...
For FW-A is Internal_NetA + FW-A
For FW-B is Internal_NetB + FW-B

Address Translation
On FW-A
Internal_NetA ---> Internal_NetA   orig.  orig.  orig.
Internal_NetA ---> Any             FW-A   orig.  orig.

On FW-B
Internal_NetB ---> Internal_NetB   orig.  orig.  orig.
Internal_NetB ---> Any             FW-B   orig.  orig.

The problem I'm having is that from Internal_NetA I cannot PING Internal_NetB and vice versa.
I can see the packet in the log of FW-A ...... Encrypt  172.16.1.2 ----> 192.168.1.2   etc..... (Same applies to FW-B)
But at the other end I do not see anything in the log. The only thing I see is .... KEY INSTALL  FW-A(Valid Address) ---> FW-B(Valid Address) (Same applies to FW-B)

I can however PING the remote Firewall's external IP address and it encrypts and decrypts from both the 172.16.1.0 and 192.168.1.0 networks.
I believe it to be a routing issue on the firewalls; I've tried to add a route on FW-A and FW-B.... This is the example of FW-A...
route add Internal_NetB FW-B External IP Address, which comes out to route add 192.168.1.0 205.150.x.x
Is this correct? If not, can someone show me the right way of doing it? Am I missing something?

I sure hope someone can help me, I'm going crazy !!!!!

Thanking you in advance.

Blitz
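As an added illustration (not part of the post above), the following models FW-A's first-match NAT rule base exactly as the post lists it and shows what a packet from 172.16.1.2 to 192.168.1.2 is translated to, and what it would be translated to if the hide rule sat above the no-NAT rule. The networks and rule order come from the post; the gateway external addresses are constructed placeholders (the post only gives 205.150.x.x), and the matching semantics are an assumption of this example.

```python
import ipaddress

# Networks from the post; "Any" is the catch-all used by the hide rule.
NETS = {
    "Internal_NetA": ipaddress.ip_network("172.16.1.0/24"),
    "Internal_NetB": ipaddress.ip_network("192.168.1.0/24"),
    "Any": ipaddress.ip_network("0.0.0.0/0"),
}
# Constructed placeholder externals (documentation ranges), not the real ones.
GATEWAYS = {"FW-A": "203.0.113.1", "FW-B": "198.51.100.1"}

# FW-1 style NAT rules: (orig_src, orig_dst, xlate_src, xlate_dst).
# "orig." leaves the address unchanged; the service column is omitted here.
# Order matters: the first rule whose original columns match is applied.
NAT_FW_A = [
    ("Internal_NetA", "Internal_NetB", "orig.", "orig."),  # VPN traffic untouched
    ("Internal_NetA", "Any", "FW-A", "orig."),             # everything else hidden
]


def translate(rules, src, dst):
    """Return (new_src, new_dst, rule_no) for the first matching NAT rule,
    or (src, dst, None) when no rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (osrc, odst, xsrc, xdst) in enumerate(rules, start=1):
        if s in NETS[osrc] and d in NETS[odst]:
            new_src = src if xsrc == "orig." else GATEWAYS[xsrc]
            new_dst = dst if xdst == "orig." else GATEWAYS[xdst]
            return new_src, new_dst, n
    return src, dst, None


def vpn_traffic_untranslated(rules, src, dst):
    """True when a packet between the two encryption domains keeps its
    original addresses, i.e. it still falls inside the peer's domain."""
    new_src, new_dst, _ = translate(rules, src, dst)
    return (new_src, new_dst) == (src, dst)


if __name__ == "__main__":
    print("as configured:", translate(NAT_FW_A, "172.16.1.2", "192.168.1.2"))
    print("to internet:  ", translate(NAT_FW_A, "172.16.1.2", "192.0.2.10"))
    # Same two rules with the hide rule first: the VPN packet would be hidden
    # behind FW-A's external address before encryption.
    print("hide rule first:",
          translate(list(reversed(NAT_FW_A)), "172.16.1.2", "192.168.1.2"))
```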






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


