[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG & 4.1 VPN troubles.
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Serge Vondandamo > - Communication between the two FW is working fine and I can see key exchange > on both side when I push the policy. > - When I try to telnet, http, or tracert a host behind the two gateways, > I can see encrypted traffic going trough (checkpoint Logviewer) but I can't > access any ressources, telnet failure, tracert = requested timeout, http= > could not find bla blabla. > Has anyone ever seen this ? any tip? Or idea ? Yes, make sure that you have a route back to each of your subnets. Otherwise you will get the problems you describe. (I am assuming you're using a cluster setup, you're mentioning two firewalls) Try to set up a route that points your two subnets to their respective firewalls on the server that runs your resource. So, on a windows host it would be something like: route add subnet_a mask <your_subnetmask> internal_ip_a route add subnet_b mask <your_subnetmask> internal_ip_b Also, make sure that any routers that have your cluster as next hop both on the inside and outside is arping your cluster mac address. Hope it helps... -- Børge ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|