[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] IP 51 and 50
>I need to set up a VPN using IPSec beetween two Cisco Routers. The problem >is that I have a Checkpoint firewall in the middle. How can I set up >Checkpoint to permit IP protocol 50 (SIPP-ESP) and IP protocol 51 (SIPP-AH). >I know that IPSec is supported by Firewall-1 to stablish VPN. But... how can >I make to let IPSec pass through Checkpoint. Alonzo, The protocols are pre-set: -Click on Manage -> Services. -In the list you will see ESP (IP type 50) and AH (IP type 51) listed. You can make a rule with these services in the Service column to allow these types of packets through the firewall, i.e.: Source Destination Service Action ------------------------------------------------- CISCO-1 CISCO-2 ESP,AH ACCEPT CISCO-2 CISCO-1 You'll also notice that the services are of type "user defined". ESP is defined as "ip_p = 0x32" AH is defined as "ip_p = 0x33" The numbers are in hex - if you convert them to decimal they'll be 50,51 respectively. Good luck, Amin Tora, CISSP ePlus Technology http://www.eplus.com NASDAQ: PLUS ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|