RE: [FW1] [FW1 VPN] - one way only? - I need help




You will need the same rule in the other direction.

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Patrick Lotti
Sent: Friday, May 04, 2001 5:13 AM
To: [email protected]
Subject: [FW1] [FW1 VPN] - one way only? - I need help



 Hi,

I tried to set up an IPSec VPN with pre-shared keys, using SSH Sentinel.
The basic key exchange works, and I can send packets from my client
through the fw into my intranet. But the replies out of the intranet aren't
protected.
Packet exchange is like this:
SSH Sentinel -> FW1:    Send packet with ESP protection
FW1 -> Intranet-Server: Sends packet, without protection (Conn req.)
Intranet-Server -> FW1:  Reply packet, without encryption (Ack)
FW1 -> SSH Sentinel:    Reply packet, without encryption (Ack)
...and then some more packets, and replies with (Ack+Sync)

Firewall rules are:
Source:       Dest:         Service  Action
SSH Sentinel  FW1           IPSEC    Accept
FW1           SSH Sentinel  IPSEC    Accept
SSH Sentinel  Intranet      Any      Encrypt

Any help is welcome!

Patrick Lotti



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
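
A small check for the situation in this thread, added here as an example (not code from either poster or from Check Point): it parses a rulebase written like the table in the original post and lists every Encrypt rule that has no matching rule in the other direction, which is the condition the reply points to. The four-column text layout, the function names and the exact-match comparison are assumptions made for this example, not FireWall-1's own rule format or matching logic.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    source: str
    dest: str
    service: str
    action: str

# The rulebase from the original post, retyped with 2+ spaces between columns.
RULEBASE = """\
SSH Sentinel  FW1           IPSEC  Accept
FW1           SSH Sentinel  IPSEC  Accept
SSH Sentinel  Intranet      Any    Encrypt
"""

def parse_rules(text):
    """Parse 'Source  Dest  Service  Action' lines (columns split on 2+ spaces)."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) != 4:
            raise ValueError(f"line {lineno}: expected 4 columns, got {cols!r}")
        rules.append(Rule(*cols))
    return rules

def missing_reverse_rules(rules, actions=("Encrypt",)):
    """Return the reverse-direction rules that are absent from the rulebase."""
    def key(r):
        return tuple(field.lower() for field in r)

    present = {key(r) for r in rules}
    wanted = {a.lower() for a in actions}
    missing = []
    for r in rules:
        if r.action.lower() not in wanted or r.source.lower() == r.dest.lower():
            continue
        reverse = Rule(r.dest, r.source, r.service, r.action)
        if key(reverse) not in present and reverse not in missing:
            missing.append(reverse)
    return missing

if __name__ == "__main__":
    for rule in missing_reverse_rules(parse_rules(RULEBASE)):
        print("no rule for the reverse direction:", *rule, sep="  ")
```

Run against the posted rulebase, it reports the Intranet to SSH Sentinel Encrypt rule as the one that is absent; the two IPSEC Accept rules already mirror each other.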