[FW1] 2nd vpn setup ?s
Hi all,
I'm trying to work with a vendor to set up a vpn between our site
and theirs but having troubles. Can anyone tell me what I'm
doing wrong?
Versions: We have a Nokia box running FW1 4.1 SP1.
They are using a Nortel Connectivity box (version unknown).
Background: Currently we have a vpn setup between this
location and one of our other locations. It works fine.
Both of our sites are using FW1 4.1 SP1. This new setup is with
a vendor.
Objects:
The nortel_FW object is set up with the proper IP and net mask.
On the VPN tab, the following is checked: Other then a group
created for the nokia_lan. IKE, 3DES, SHA1, Preshared
Secret is used.
The nokia_FW object is set up with the proper IP and net mask as
well. On the VPN tab, the following is checked: Other then a group
created for the nokia_lan. IKE, DES, CAST, 3DES, MD5, SHA1,
preshared secret.
Security Policy Rules:
#
1
2
3
4
5
6
Rule one is for the vpn already working. Rule two was
suggested as needed by the nortel folks so that the key only gets
exchanged by the firewalls. I thought that happened anyway and I
didn't have to write a rule for it. Rule three is to allow the
new vpn in with the vendor. Rule four is drop anything going
directly to the firewall. Rule five is to allow anything from
our network outbound (for the sake of simplicity here). Rule 6
drops anything else not covered above.
NAT Rules:
#
1
2
3
4
5
Everything stays original here except whatever leaves the local
lan would be nat'd behind the firewall.
So what am I forgetting? In the log, I can see my key being
pushed out to them but I'm not seeing anything from their side.
Thanks for any help you can give me.
cee