[FW-1] CPFW1-4.1.2 and IPFilter+RACOON working but ....
Hi guys,

It's me again. :-)

Here is my configuration:

Checkpoint 4.1.2 on Debian 2.2r5
  external = 192.168.0.122/24
  internal = 172.17.0.0/16

IPfilter + IPsec + Racoon on FreeBSD 4.5-Stable
  external = 192.168.0.115/24
  internal = 172.16.0.0/16

This is the document that I followed: http://restricted.dyndns.org/cpbsd.html

Here is my lab setup:

          SITE A                                   SITE B
    External Interface                       External Interface
      192.168.0.122                            192.168.0.115
           |                                         |
    +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
    |                                                |
  FW-1 Protected Nets                     FreeBSD Protected Nets
    172.17.0.0/16                             172.16.0.0/16

I have workstations on both firewalls:
  172.17.0.12 on SITE A
  172.16.0.100 on SITE B

1. Exchange of keys is ok.
2. The FreeBSD gw can ping 172.17.0.12 and I can see decrypt/encrypt in Log Viewer.
3. From the 172.17.0.12 workstation on SITE A, it can ping the FreeBSD GW.

My problem is that:

1. From the 172.16.0.100 workstation, it cannot ping the 172.17.0.12 workstation. So that means the FW-1 Protected Nets are not able to talk to the FreeBSD Protected Nets. And in the Log Viewer, it shows the packet from 192.168.0.115 to 172.17.0.12 getting rejected. I have already disabled spoofing but it still doesn't work.

Will that document be applicable to my lab setup, or is there anything that I should modify on Checkpoint?

I have also tried creating another network object, freebsd-net, and changing rule 2 to freebsd-net instead of freebsd-gw. With this rule, the freebsd-gw can no longer communicate with 172.17.0.12.

Any help will be greatly appreciated. Thank you very much.
neil camara ([email protected]) - cc{na|sa}, mcse - pgp 0x777777B2
network/security engineer - dl := +1(847)2.21.0.224 cn := +1(847)9.80.17.53
echo "I love windows" | sed -e 's/wi/u/g' | cut -f1 -dd | \
awk '/u/ {printf("%s %s %six\n",$1,$2,$3)}'
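An added example, not from the original post or the linked document: the KAME setkey security policies on the FreeBSD gateway that would cover the two protected networks of this lab (addresses taken from the post), alongside the gateway-to-net policy that is assumed to be what already works, so the loaded SPD can be compared against it.

```conf
# setkey -c input for the FreeBSD gateway (192.168.0.115). Added example;
# assumes racoon negotiates the SAs and that the host-only policy below is
# what the gateway currently has. Both peers must agree on the selectors.
spdflush;

# Assumed existing policy: the gateway itself <-> FW-1 protected net.
# This is enough for the gateway to ping 172.17.0.12, but not for hosts
# behind it.
spdadd 192.168.0.115/32 172.17.0.0/16 any -P out ipsec
       esp/tunnel/192.168.0.115-192.168.0.122/require;
spdadd 172.17.0.0/16 192.168.0.115/32 any -P in ipsec
       esp/tunnel/192.168.0.122-192.168.0.115/require;

# Net-to-net policy: site B protected net <-> site A protected net.
# Forwarded packets from 172.16.0.100 match "out" here and are tunneled
# to the Check Point; replies match "in" and are decrypted.
spdadd 172.16.0.0/16 172.17.0.0/16 any -P out ipsec
       esp/tunnel/192.168.0.115-192.168.0.122/require;
spdadd 172.17.0.0/16 172.16.0.0/16 any -P in ipsec
       esp/tunnel/192.168.0.122-192.168.0.115/require;
```

The Check Point peer has to carry matching selectors: the encryption domain of the gateway object for 192.168.0.115 must contain 172.16.0.0/16 and not only the gateway address, otherwise traffic for that net is negotiated or matched as outside the tunnel.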