
Re: [FW-1] Checkpoint VPN trouble



Hi Jeff,

It sounds like:
1) Their firewalls are using the wrong source IP address.  This is usually
an OS-specific issue.  It can obviously be very bad if it's private address
space (e.g. RFC 1918).
2) They might have the internal addresses of their firewalls as the primary
IP in their firewall objects, but again it's more likely an OS issue.

Try adding their addresses to the "interfaces" tab for their object on your
firewall.  This was semi-standard procedure for the first release of
Gateway Clusters on FW-1.

FWIW, it shouldn't matter which IP address they've licensed AFAIK.

Regards,
Jim MacLeod

At 07:22 AM 1/28/2002, Jeff LaCoursiere wrote:
I am trying to establish a VPN with another company.  Checkpoint/Solaris
on our side, dual Checkpoint/AIX(?) in a cluster on their side.  Rules are
set up as I have for other working VPNs, and an attempt to connect through
the VPN causes key exchange packets to be sent from our side (I see with
tcpdump).

The return packets, however, have a source address of the internal
interface of the remote firewall, rather than the expected external
address.  Does anyone know why this occurs?  They claim to have licensed
the internal address on the remote side.

TIA,

Jeff LaCoursiere
Infrastructure Specialist
T-Motion

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


Jim MacLeod
FireWall-1 and network security consultant, San Francisco Bay area
[email protected],
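
The symptom discussed in this thread (IKE replies arriving from a peer's internal address instead of its external one) can be spotted in `tcpdump -n` text output with a short script. This is an added example, not part of the original posts; the function names, the addresses and the sample capture lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# tcpdump -n text line: "<time> [IP] <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(
    r"^\S+ (?:IP )?(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):"
)
# Explicit RFC 1918 ranges (ip_address.is_private covers more than these).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def unexpected_ike_sources(lines, local_gw, known_peers):
    """Report IKE (UDP/500) packets sent to local_gw from addresses that are
    not the external address of any configured VPN peer."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        if "500" not in (sport, dport):
            continue  # not IKE
        if dst == local_gw and src not in known_peers:
            counts[src] += 1
    return [{"source": s, "packets": n, "rfc1918": is_rfc1918(s)}
            for s, n in sorted(counts.items())]


# Constructed sample capture: local gateway 192.0.2.10, peer configured as
# 198.51.100.20, replies arriving from the peer's internal address 10.1.1.1.
SAMPLE = """\
07:22:01.100000 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp: phase 1 I ident
07:22:01.350000 IP 10.1.1.1.500 > 192.0.2.10.500: isakmp: phase 1 R ident
07:22:02.100000 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp: phase 1 I ident
07:22:02.360000 IP 10.1.1.1.500 > 192.0.2.10.500: isakmp: phase 1 R ident
07:22:03.000000 IP 10.1.1.1.44321 > 192.0.2.10.443: Flags [S], seq 1, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for f in unexpected_ike_sources(SAMPLE, "192.0.2.10", {"198.51.100.20"}):
        print(f)
```

A source flagged with `rfc1918` set is a candidate for the "interfaces" tab workaround described above, or for a fix on the peer's side.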
   All contents © 2004 Network Presence, LLC. All rights reserved.