[FW1] [FW1 VPN] - one way only? - I need help
Hi,

I tried to set up an IPSec VPN with pre-shared keys, using SSH Sentinel. The basic key exchange works, and I can send packets from my client through the fw into my intranet. But the replies out of the intranet aren't protected.

Packet exchange is like this:

SSH Sentinel -> FW1: Send packet with ESP protection
FW1 -> Intranet-Server: Sends packet, without protection (Conn req.)
Intranet-Server -> FW1: Reply packet, without encryption (Ack)
FW1 -> SSH Sentinel: Reply packet, without encryption (Ack)
...and then some more packets, and replies with (Ack+Sync)

Firewall rules are:

Source:         Dest:           Service   Action
SSH Sentinel    FW1             IPSEC     Accept
FW1             SSH Sentinel    IPSEC     Accept
SSH Sentinel    Intranet        Any       Encrypt

Any help is welcome!

Patrick Lotti

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================