
RE: [FW1] IP 51 and 50




>I need to set up a VPN using IPSec between two Cisco Routers. The problem
>is that I have a Checkpoint firewall in the middle. How can I set up
>Checkpoint to permit IP protocol 50 (SIPP-ESP) and IP protocol 51 (SIPP-AH).
>I know that IPSec is supported by Firewall-1 to establish VPN. But... how can
>I make to let IPSec pass through Checkpoint.

Alonzo,

The protocols are pre-set: 

-Click on Manage -> Services.
-In the list you will see ESP (IP type 50) and AH (IP type 51) listed.

You can make a rule with these services in the Service column to allow these
types of packets through the firewall, i.e.:

Source     Destination    Service    Action
-------------------------------------------------
CISCO-1    CISCO-2        ESP,AH     ACCEPT
CISCO-2    CISCO-1


You'll also notice that the services are of type "user defined".

ESP is defined as "ip_p = 0x32"
AH  is defined as "ip_p = 0x33"

The numbers are in hex - if you convert them to decimal they'll be 50 and 51
respectively.

Good luck,


Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS
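
As an added illustration, not part of the original post and not Check Point code: a Python sketch of what the rule above matches, reading the protocol field (ip_p) from a raw IPv4 header and accepting only 0x32 and 0x33 between the two routers, in either direction. The peer addresses, the default drop and the helper names are assumptions made for the example.

```python
import ipaddress
import struct

# IP protocol numbers behind the two services (0x32 = 50, 0x33 = 51).
SERVICES = {"ESP": 0x32, "AH": 0x33}

# Constructed addresses standing in for the CISCO-1 and CISCO-2 objects.
PEERS = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("198.51.100.1")}


def parse_ipv4(packet: bytes):
    """Return (src, dst, ip_p) from a raw IPv4 header, or None if malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None
    ip_p = packet[9]  # protocol field: byte 9 of the IPv4 header
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), ip_p


def rule_action(packet: bytes) -> str:
    """ACCEPT only ESP/AH between the two peers, in either direction."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return "DROP"
    src, dst, ip_p = parsed
    if {src, dst} == PEERS and ip_p in SERVICES.values():
        return "ACCEPT"
    return "DROP"  # assumed default: anything the rule does not match is dropped


def make_header(src: str, dst: str, ip_p: int) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, ip_p, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


if __name__ == "__main__":
    # Constructed sample traffic between the two peers.
    for name, proto in [("ESP", 50), ("AH", 51), ("TCP", 6), ("UDP", 17)]:
        pkt = make_header("192.0.2.1", "198.51.100.1", proto)
        print(name, hex(proto), rule_action(pkt))
```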








 
   All contents © 2004 Network Presence, LLC. All rights reserved.