[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Checkpoint VPN trouble
Hi Jeff, It sounds like: 1) Their firewalls are using the wrong source IP address. This is usually as OS-specific issue. It can obviously be very bad if it's private address space (e.g. RFC 1918). 2) They might have the internal addresses of their firewalls as the primary IP in their firewall objects, but again it's more likely an OS issue. Try adding their addresses to the "interfaces" tab for their object on your firewall. This was semi-standard procedure for the first release of Gateway Clusters on FW-1. FWIW, it shouldn't matter which IP address they've licensed AFAIK. Regards, Jim MacLeod At 07:22 AM 1/28/2002, Jeff LaCoursiere wrote: I am trying to establish a VPN with another company. Checkpoint/Solaris on our side, dual Checkpoint/AIX(?) in a cluster on their side. Rules are setup as I have for other working VPN's, and an attempt to connect through the VPN causes key exchange packets to be sent from our side (I see with tcpdump). Jim MacLeod FireWall-1 and network security consultant, San Francisco Bay area [email protected], ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|