[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NetScreen 5XP --> Checkpoint FW-1 4.1 on NT HELP!!!

To: [email protected]
Subject: Re: [FW-1] NetScreen 5XP --> Checkpoint FW-1 4.1 on NT HELP!!!
From: Marc Elsen <[email protected]>
Date: Wed, 4 Dec 2002 16:19:31 +0100
Organization: IMEC
References: <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

> Ed Valasek wrote:
>
> Hello All,
>
>         I am currently implementing a VPN (IKE) Connection between two
> of my offices and I have had some success as far as getting the P1 and
> P2 settings working by following all the guides posted.
>
>         My network setup is as follows: Network A - 192.168.x.x
> (Checkpoint Side)
>                                            Network B - 10.2.x.x
> (NetScreen Side)
>
> The issue I have ran into is that I can ping Network A from Network B,
> but I cannot ping Network B from Network A.
>
> Clients on Network B can browse the domain and access files etc etc on
> Network A, but Clients on the Checkpoint Side (Net A) cannot see the
> clients on the NetScreen Side (Net B).
>
> Anyone run into this issue or have some direction for me to solve this
> problem. Any help is much appreciated.
>
> Thanks, Ed Valasek
>

 We never got a 'full' VPN link working between Netscreen5XP and
 Checkpoint FW-1 NG (FP1).
 Detailed analysis showed that there was some problem with
 exchanging 'large' packets between FW and Netscreen in 'VPN' (ipsec
mode).
 Problem was related to making the decision at what time
 packets should be fragmented,before or after ip-sec-ing.

 We think that FW and NG, differ on this issue, or either one
 of them is not real standard, or the ip sec standard is not
 clear on this issue (I am not sure).

 Anyway out of misery , we could only connect 2 company 'locations'
 by buying 2 netscreens and make sure that no other vendor (in this case
FW NG)
 was involved. Then it worked for us.

 I wonder in this context : anyone got VPN fully working
 between Netscreen and FW (either 4.1 and/or NG) ?

 Marc.

>

--

 'Time is a consequence of Matter thus
 General Relativity is a direct consequence of QM
 (M.E. Mar 2002)

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] NetScreen 5XP --> Checkpoint FW-1 4.1 on NT HELP!!!
  - From: Ed Valasek <[email protected]>

Prev by Date: Re: [FW-1] NetScreen 5XP --> Checkpoint FW-1 4.1 on NT HELP!!!
Next by Date: Re: [FW-1] Remove NIC from Nokia IP
Prev by thread: [FW-1] NetScreen 5XP --> Checkpoint FW-1 4.1 on NT HELP!!!
Next by thread: Re: [FW-1] NetScreen 5XP --> Checkpoint FW-1 4.1 on NT HELP!!!
Index(es):
- Date
- Thread