| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] FW: Need help setting checkpoint to work as VPN gateway
Hi all,
I have 2 CP 4.1 SP4 boxes. I can set them up to encrypt in "host-to-host"
mode just fine, but when I try to set up one box (with two NICs) as gateway
protecting a ping machine behind it, I get MM+QM completion ("ISAKMP trap
success"), but the ping doesn't come back. I see in the sniffer that
one-legged box is encrypting the pings, but they do not appear on the
"protected" side of two-legged box. The CP logs and debug window do not
appear to indicate any kind of problem. (I have checked the routing in my
setup and it works fine for clear traffic). fw monitor -e accept command
shows me encrypted packets that come from one side, but there is no traffic
going back. I have IP Forwarding checked in TCP/IP options.
Before you ask, I did configure a gateway box to "Support key exchange for
subnets" in IKE properties dialog.
+-----+ +-----+CP PRV +-----+
|HOST | 192.168.0.131 |CP |62.219.37.153 |HOST | 63.219.37.154
| CP |-----------------------------------|GATE |----------------| |
+-----+\ CP PUB 192.168.0.117 |WAY | +-----+
\-------\ +-----+ \-----\
I'm trying to send encrypted traffic from HOST_CP to HOST with tunnel
terminating at CP_GATEWAY.
I'm sure it's some trivial bit of configuration that has to do with either
encryption/decryption or forwarding that I'm missing.
Any ideas, please?
Cheers,
Paul Seifer
Technical Support,
Everbee Wireless
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
