
[FW-1] FW: [FW-1] A quick question



That is what I was thinking, but I get the following error in the logs
"encryption failure:temporary unavailable resource"

If I turn off encryption I don't get the error and ping works fine?

And that is what is throwing the theory away.  Firewalls are NG FP2 ?

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of
Volker Tanger
Sent: 10 December 2002 15:01
To: [email protected]
Subject: Re: [FW-1] A quick question

Greetings!

Lannon Van Rooyen wrote:

> If you have a VPN tunnel between two Checkpoint firewalls running
> encryption, can you pass ICMP traffic through the tunnel?
> I am sure ICMP traffic cannot be encrypted; does anyone have thoughts
> on this?


Theoretically: as ICMP is part of TCP flow control, ICMP better should
go through tunnels.

Practically: we are checking our tunnels with PING every minute. All my
VPNs show green on the monitor, so it obviously is working.


Followup: sometimes (esp. when FW1 only on one end) devices have
problems initiating and/or establishing tunnels. Keeping the tunnels
alive with PING is not a problem - just sometimes initiating is a bit
... reluctant.

Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon    +49 30 6104-3307
fax    +49 30 6104-3461

[email protected]
http://www.discon.de/

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
