[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] FW: [FW-1] A quick question
That is what I was thinking, but I get the following error in the logs
"encryption failure:temporary unavailable resource"
IF I turn off encryption I don't get the error and ping works fine?
And that is what is throwing the theory away. Firewalls are NG FP2 ?
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of
Volker Tanger
Sent: 10 December 2002 15:01
To: [email protected]
Subject: Re: [FW-1] A quick question
Greetings!
Lannon Van Rooyen wrote:
> If you have a VPN tunnel between to Checkpoint firewalls running
> encryption, can you pass ICMP traffic through the tunnel?
> I am sure ICMP traffic cannot be encrypted does anyone have thoughts
> on this?
Theoretically: as ICMP is part of TCP flow control, ICMP better should
go through tunnels.
Practically: we are checking our tunnels with PING every minute. All my
VPNs show green on the monitor, so it obviously is working.
Followup: sometimes (esp. when FW1 only on one end) devices have
problems initiating and/or establishing tunnels. Keeping the tunnels
alive with PING is not a problem - just sometimes initiating is a bit
... reluctant.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstra�e 100
D-10997 Berlin
fon +49 30 6104-3307
fax +49 30 6104-3461
[email protected]
http://www.discon.de/
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================