
[FW1] VPN and NAT



Hello,

I am having a problem setting up a LAN-to-LAN VPN using SKIP, both firewalls
are v4.1, running on NT 4.0 sp6. Both firewalls are using automatic hide
NAT. After configuring the VPN, I am unable to ping or connect to resources
from internal to internal network, and I do not see any encryption occurring
in the log. I do get the following error "Encryption failure: gateway
connected to both endpoints scheme: SKIP". NAT to the internet is
functioning properly at both sites. I am able to successfully generate and
pull the encryption keys. 

Here is the configuration:

netA --- (le0) firewallA (le1) -- internet --- (le0) firewallB (le1) -- netB
        
        netA is private: 192.168.0.0
        le0: is 192.168.0.1
        le1: is 209.219.110.130
        
        netA objects:
        netAfw - local firewall object
        netBfw - remote firewall object
        netA-net - local network object
            network: 192.168.0.0
        netB-net - remote network object
            network: 192.168.1.0

        encryption rule on firewallA:
        netA-net    netB-net    any    encrypt    long    gateway    all
        netB-net    netA-net    any    encrypt    long    gateway    all

        netB is private: 192.168.1.0
        le0: 192.168.1.1
        le1: 24.9.197.124
        
        netB objects:
        netBfw - local firewall object
        netAfw - remote firewall object
        netB-net - local network object
        netA-net - remote firewall object

        encryption rule on firewallB:
        netB-net    netA-net    any    encrypt    long    gateway    all
        netA-net    netB-net    any    encrypt    long    gateway    all


on firewallA: address translation 
automatic hide: 192.168.0.0 -> 209.219.110.130

on firewallB: address translation
automatic hide: 192.168.1.0 -> 24.9.197.124

Am I missing something? What should my encryption domains contain to account
for the NAT? Do I need any other rules?

Thanks for any help!


Jeff Blada, MCSE, CCA, CCNA
Senior Network Technician
Agility Computer Network Services, L.L.C.