
Re: [FW1] VPN





David:

     Have you checked that these "other" subnets that you are trying to ping are
in the encryption domain?


From: David.Maas@iSKY.com
Date: 05/24/2001 01:03 PM
To: [email protected]
cc: (bcc: James E Clukey/Rush/RSH)
Subject: [FW1] VPN






I am attempting to set up VPN on our Nokia Checkpoint v4.1 SP3 firewall.
I have configured for FWZ & encapsulate secureremote connections, am using
radius for authentication.

I have installed the following rules above my stealth rule:

SOURCE                   DES             SERV     ACTION
secureRemote users@any   All Networks    any      client encrypt
firewall                 radius server   radius   accept

I have set up the client with FWZ and all that. I am able to authenticate to
the firewall successfully, I am able to ping and get to servers that are on
the same subnet as the internal address of the firewall.
But my problem is that I am unable to ping or access systems on our other
subnets.
Looking thru the log I see the following after the attempt:

authcrypt      successful     reason client encrption:authenticated by
Radius scheme:FWZ methods: Encapsulation, DES, DES, MD%

deauthrize               reason no policy

When I do a ping to the local subnet I get both a decrypt and an encrypt and
that is working.
When I do a ping to a remote subnet (part of our network) I get a decrypt,
but do not get the corresponding encrypt. No reply from ping.

What am I doing wrong? I did have this working a while back before we did
any upgrades to the firewall.
Any help would be appreciated, since now all of a sudden the company wants to
use VPN. I have been trying to get them to use it and they had said no in
the past. Go figure.
So now I am on a deadline. Any help is grateful.
Thank you
Dave Maas




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






   All contents © 2004 Network Presence, LLC. All rights reserved.