[FW1] FW: Need help setting checkpoint to work as VPN gateway
Hi all,

I have 2 CP 4.1 SP4 boxes. I can set them up to encrypt in "host-to-host" mode just fine, but when I try to set up one box (with two NICs) as gateway protecting a ping machine behind it, I get MM+QM completion ("ISAKMP trap success"), but the ping doesn't come back.

I see in the sniffer that one-legged box is encrypting the pings, but they do not appear on the "protected" side of two-legged box. The CP logs and debug window do not appear to indicate any kind of problem. (I have checked the routing in my setup and it works fine for clear traffic).

fw monitor -e accept command shows me encrypted packets that come from one side, but there is no traffic going back. I have IP Forwarding checked in TCP/IP options.

Before you ask, I did configure a gateway box to "Support key exchange for subnets" in IKE properties dialog.

+-----+                                   +-----+CP PRV          +-----+
|HOST | 192.168.0.131                     |CP   |62.219.37.153   |HOST | 63.219.37.154
| CP  |-----------------------------------|GATE |----------------|     |
+-----+\             CP PUB 192.168.0.117 |WAY  |                +-----+
        \-------\                         +-----+
                 \-----\

I'm trying to send encrypted traffic from HOST_CP to HOST with tunnel terminating at CP_GATEWAY.

I'm sure it's some trivial bit of configuration that has to do with either encryption/decryption or forwarding that I'm missing.

Any ideas, please?

Cheers,
Paul Seifer
Technical Support, Everbee Wireless