Re: [FW-1] FW-1 Site-to-site VPN with Cisco PIX in the middle.
- To: [email protected]
- Subject: Re: [FW-1] FW-1 Site-to-site VPN with Cisco PIX in the middle.
- From: Lars Troen <[email protected]>
- Date: Mon, 27 May 2002 10:24:24 +0200
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcIDK+mdsMvxzeikS9umlqk0Yd1g2ACK0mnw
- Thread-topic: [FW-1] FW-1 Site-to-site VPN with Cisco PIX in the middle.
I don't think you can do this. Site-to-site VPNs don't support UDP encapsulation. So it's not TCP port 50 you need to open, but IP protocol 50. If the NAT device supports NATting of this protocol then maybe, so you could give it a try and check the logs of the PIX too.
Lars
Hi all,
Again. Sorry about the first mail. It wasn't supposed to be sent unfinished, so here I go again.
I have a small problem I need some new eyes on.
My setup:
Users [192.168.60.x] ---- FW/NAT ---- [172.16.x.y] Partner FW/NAT ---- ISP/Internet ---- HQ FW/VPN GW
                            |                            |                                      |
                        Nokia IP71                   Cisco PIX                         Nokia IP440 (MGMT)
My goal is to do site-to-site VPN between the two Nokia boxes.
I have done a "fw putkey" on both enforcement points. The management station can see the IP71 and gives it the status "untrusted" in the System Status window. Both run FW-1 4.1.
The setup has worked in our test lab, but there we didn't have a firewall/NAT device in between.
The PIX is doing static NAT to my IP71. In the PIX, ports TCP 50, TCP 264, UDP/TCP 500 and UDP 2746 are opened both ways. What am I missing?
Please help :o)
Best Regards,
Ole Jakobsen
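The distinction Lars draws, that IPsec ESP is IP protocol 50 and carries no port numbers at all, so a "TCP port 50" rule on the PIX can never match the VPN traffic, is easy to see at the packet level. The following Python is an added illustration and is not code from either mail or from Check Point or Cisco; the addresses, the SPI value and the two rule lists are constructed for the example. It builds a bare ESP packet and an IKE (UDP 500) datagram, parses the IPv4 header the way a stateful firewall or NAT device would, and evaluates both the rule set as posted and the corrected one against them.

```python
import socket
import struct

# IANA IP protocol numbers. ESP (RFC 2406) is protocol 50, a transport-layer
# protocol in its own right; "TCP port 50" is an unrelated thing.
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ESP = 50


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left at zero) followed by payload."""
    total_len = 20 + len(payload)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def build_tcp_segment(sport: int, dport: int) -> bytes:
    """Bare TCP SYN header: ports, seq/ack, data offset 5, SYN flag, window."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)


def build_udp_datagram(sport: int, dport: int, data: bytes) -> bytes:
    """UDP header (ports, length, zero checksum) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_esp_packet(spi: int, seq: int) -> bytes:
    """ESP header (RFC 2406): 32-bit SPI, 32-bit sequence number, then an opaque
    encrypted body. There is no port field anywhere in it."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16  # constructed ciphertext


def classify(packet: bytes) -> dict:
    """Extract the fields a stateful firewall or NAT device keys a flow on."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    body = packet[ihl:]
    info = {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "proto": proto, "sport": None, "dport": None, "spi": None,
    }
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
    elif proto == IPPROTO_ESP:
        # A NAT device that handles ESP has only the SPI to track, not ports.
        info["spi"] = struct.unpack("!I", body[:4])[0]
    return info


def rule_matches(rule: dict, info: dict) -> bool:
    """A rule is {proto} or {proto, dport}; a port-bearing rule never matches ESP."""
    if rule["proto"] != info["proto"]:
        return False
    if "dport" in rule and rule["dport"] != info["dport"]:
        return False
    return True


def permitted(ruleset: list, packet: bytes) -> bool:
    info = classify(packet)
    return any(rule_matches(rule, info) for rule in ruleset)


# Constructed rule sets: "TCP 50" as opened on the PIX versus IP protocol 50.
RULES_AS_POSTED = [
    {"proto": IPPROTO_TCP, "dport": 50},
    {"proto": IPPROTO_UDP, "dport": 500},
    {"proto": IPPROTO_TCP, "dport": 264},
]
RULES_CORRECTED = [
    {"proto": IPPROTO_ESP},
    {"proto": IPPROTO_UDP, "dport": 500},
    {"proto": IPPROTO_TCP, "dport": 264},
]

SRC, DST = "172.16.1.2", "203.0.113.10"  # constructed addresses


def demo() -> dict:
    esp = build_ipv4(IPPROTO_ESP, SRC, DST, build_esp_packet(0x1234ABCD, 1))
    ike = build_ipv4(IPPROTO_UDP, SRC, DST, build_udp_datagram(500, 500, b"\x00" * 28))
    return {
        "esp_as_posted": permitted(RULES_AS_POSTED, esp),  # False: ESP has no port 50
        "esp_corrected": permitted(RULES_CORRECTED, esp),  # True
        "ike_either": permitted(RULES_AS_POSTED, ike) and permitted(RULES_CORRECTED, ike),
        "esp_spi": classify(esp)["spi"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The IKE negotiation on UDP 500 passes either rule set, which is why the peers may appear to talk to each other while the tunnel itself never carries traffic: the ESP packets that follow have no port for the "TCP 50" rule to match and are dropped. A NAT device in the path has the additional problem that it can only map such a flow by SPI, which is why checking the PIX logs for dropped protocol 50 packets is the right next step.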