
Re: [FW-1] VPN/NAT help need for FW 4.1 and Netscreen 5XP.




Hi Ed,

 

I have the following configurations and problems.

 

  HQ Network --> FW-1 4.1 (running on NT 4.0) --> trying to setup VPN to <-- Netscreen 5XP (NAT mode) <-- Remote Network Non Routable

  HQ Network: Full Class C - Public IPs.    One Public IP    -    Private Non routable IPs

 

 

Here are the problems:

- If I try to set up the VPN tunnel following the Checkpoint/NS docs, it does not work! No ping, nothing between the two sites, but I can see encrypted traffic in the Checkpoint log viewer. However, both external gateways' external IPs can ping each other, but there is no internal traffic.

- If I remove the VPN tunnels and change the rules on both sides to permit/allow all traffic between the two networks, it works only on one side: the Netscreen network can ping and access everything on the FW-1 network, but the network behind the FW-1 can't! No ping, no trace, nothing. The worst is that when I try to tracert the Netscreen network, it goes up to the 3rd hop after the router and then starts looping. So, I thought it was a routing issue and I added static routes on both sides, but it did not solve the problem.

 

 

Thanks

Serge

 

-----Original Message-----
From: Ed Valasek [mailto:[email protected]]
Sent: Tuesday, February 11, 2003 9:42 PM
To: [email protected]
Subject: Re: [FW-1] VPN/NAT help need for FW 4.1 and Netscreen 5XP.

 

I have successfully set up CP FW-1 4.1 on NT to a NS 5XP.

 

Well to begin with, the documentation you get from NS is not correct. It is to a point, but there are rules you need to add to the NS device and CP FW-1 that are not listed.

 

Have you begun the setup yet? Can you provide me with some info on your network topology as far as IP structure etc? I will help you as much as possible. It took me an entire month to figure out what I needed to do to get mine working. How far along have you gotten so far? Are Phase 1 and Phase 2 working? Do the FW-1 logs show communication between the two networks?

 

Thanks, -Ed-

 

Ed Valasek

 

Systems Admin

 

Integrator.com

 

-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: Tuesday, February 11, 2003 2:31 PM
To: [email protected]
Subject: [FW-1] VPN/NAT help need for FW 4.1 and Netscreen 5XP.
Importance: High

 

Hi guys,

Does anyone have tips, docs (not from Checkpoint), information or experience in configuring a VPN tunnel between FW 4.1 and Netscreen (Netscreen does NAT)?

I just can't make it work.

Any help, idea, doc, tips will be highly appreciated.

Regards
Serge



 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.