[FW-1] putkey breaks a previous putkey with NAT involved



Hi there everyone

Below is the situation,

Management Server = Windows 2000 Server, Check Point 4.1 SP5
Lic = CPVP-VEE-U-3DES-MGMT-V41
IP = 10.10.0.200
NATted = 192.168.1.52

Module A = Nokia IP440 IPSO 3.4.1 Check Point 4.1 SP5
Lic = CPVP-VEE-U-3DES-MODULE-V41
Ext IP = 192.168.2.50
Int IP = 10.10.0.211
Proxy Arp on external interface for 192.168.1.52
Static Route from 192.168.1.52 to 10.10.0.200

Module B = Nokia IP71 Check Point 4.1
Lic = CPVP-VSO-50-DES-V41
Ext IP = 192.168.1.150
Int IP = 10.0.11.211

The Instructions that came from CP Knowledge Base...
"How to run fw putkey when Static NAT is used for the Management Station"

The info below has been changed to suit my configuration, the 192.168.*.*
range has been changed from their valid ranges.

Stage 1 - Management Server and Module A

1.    Both Machines - fwstop
2.    Mgnt - fw putkey -n 10.10.0.200 10.10.0.211
3.    Mod A - fw putkey -n 10.10.0.211 10.10.0.200
4.    Mgnt - fwstart
5.    Mod A - fwstart
6.    Define Object Mod A in Policy Editor
7.    Define Object Mod B in Policy Editor
8.    Mgnt has been defined with IP Address 10.10.0.200 and a Static NAT
address of 192.168.1.52
9.    Define rule: source = mgnt, dest  = modA / modB, serv=FW1, Action =
Accept
10.   Install policy
11.   Ping IP 192.168.1.52 and make sure static NAT works

Stage 2 - Management Server and Module B

1.    Both Machines - fwstop
2.    Mgnt - fw putkey -n 10.10.0.200 192.168.1.150
3.    Mgnt - fw putkey -n 192.168.1.52 192.168.1.150
4.    Mod B - fw putkey -n 192.168.1.150 192.168.1.52
5.    Mod B - fw putkey -n 192.168.1.150 10.10.0.200
6.    Mgnt - fwstart
7.    Mod B - fwstart
8.    Install policy


The Problem:

Stage 1 works like a charm, policy installs and everything, have rules which
allow the management server to manage all the firewalls. Can connect to
services outside the firewall module, can even connect to module B.
But... when going onto stage 2 and I run steps 2-3 and after restarting the
modules I lose the secure connection to module A.
I just can't seem to get module B to establish a secure connection.
I need to be able to manage around 8 firewalls externally and 2 firewalls
internally.
Any help will be greatly appreciated.



   All contents © 2004 Network Presence, LLC. All rights reserved.