[FW-1] NG / VPN : cleartext packets within encrypted connection
Hi there,

I'm testing NG's wonderful new features like 'one click vpn';
in fact, it's not working very well.

When the IKE phase 1 negotiation takes place, the logViewer
( FP2 module running under Linux kernel 2.4 and management
FP2 running on a Solaris8 sparc ) reports that there is a cleartext
packet within an encrypted connection ( because it is the other gateway
that initiates the IKE proposals ( OpenBSD 3.0's isakmpd ) ).

Yes, I correctly defined my encryption domains for the 2 gateway objects
in my Check Point policy; I created 2 net objects for the encryption domains
on the two sides of the VPN ( 10.1.2.0/24 and 192.168.0.0/24 ).
It is as if NG is considering the external IPs of the 2 gateways as part of
the encryption domain.

I have set an IKE preshared secret between the two gateway objects ( one is a Check Point
firewall object, the OpenBSD box is defined as an "Interoperable Device" ).

The OpenBSD box already has 3 VPNs established with:
1- A Check Point 4.1 SP5 Nokia box
2- Another OpenBSD box
3- A Stonesoft StoneGate box
These are working properly as expected.

Does anyone have this problem with NG FP2?
-------------------------------------------
|Yannick Mercier, CISSP NSA CCSA MCSE | _ _
|Work:[email protected] | o' \,=./ `o
|Samson Belair Deloitte & Touche | (o o)
-------------------------------------------ooO--(_)--Ooo---