Hi Russell,

First, I have both policies set on the NS, but when I enable the VPN tunnel there is no traffic at all. Request timed out.

So, I decided to test the allow/permit rules to see if I can get some sort of connectivity, and the result is that the NS boxes can ping and access the HQ network with the allow/permit rules (no VPN) but the HQ network can't! And when I tracert from the HQ network to the box behind the NS I get a reply from another router between the two networks and then the loop starts. This was just to test connectivity, since the VPN does not work.
---
Russell Washington, CCSE, CCSA, NCSA
Too many doggoned letters after my name.../
----- Original Message -----
Sent: Tuesday, February 11, 2003 1:02 PM
Subject: Re: [FW-1] VPN/NAT help need for FW 4.1 and Netscreen 5XP.
Hi Ed,

I have the following configuration and problems.

HQ Network --> FW-1 4.1 (running on NT 4.0) --> trying to set up VPN to <-- Netscreen 5XP (NAT mode) <-- Remote Network (non-routable)

HQ Network: full Class C, public IPs.
Remote Network: one public IP, private non-routable IPs.

Here are the problems:

- If I try to set up the VPN tunnel following the Checkpoint/NS docs, it does not work! No ping, nothing between the two sites, but I can see encrypted traffic in the Checkpoint log viewer. However, both gateways' external IPs can ping each other, just no internal traffic.

- If I remove the VPN tunnels and change the rules on both sides to permit/allow all traffic between the two networks, it works only one way: the Netscreen network can ping and access everything on the FW-1 network, but the network behind the FW-1 can't! No ping, no trace, nothing. Worse still, when I tracert to the Netscreen network it goes up to the 3rd hop after the router and then starts looping. So, I thought it was a routing issue and added static routes on both sides, but that did not solve the problem.
Thanks
Serge
-----Original Message-----
From: Ed Valasek [mailto:[email protected]]
Sent: Tuesday, February 11, 2003 9:42 PM
To: [email protected]
Subject: Re: [FW-1] VPN/NAT help need for FW 4.1 and Netscreen 5XP.
I have successfully set up CP FW-1 4.1 on NT to a NS 5XP.

Well, to begin with, the documentation you get from NS is not correct. It is, to a point, but there are rules you need to add to the NS device and to CP FW-1 that are not listed.

Have you begun the setup yet? Can you provide me with some info on your network topology as far as IP structure etc.? I will help you as much as possible. It took me an entire month to figure out what I needed to do to get mine working. How far along have you gotten so far? Are Phase 1 and Phase 2 working? Do the FW-1 logs show communication between the two networks?
-----Original Message-----
From: Serge Vondandamo [mailto:[email protected]]
Sent: Tuesday, February 11, 2003 2:31 PM
To: [email protected]
Subject: [FW-1] VPN/NAT help need for FW 4.1 and Netscreen 5XP.
Importance: High
Hi guys,

Does anyone have tips, docs (not from Checkpoint), information or experience in configuring a VPN tunnel between FW 4.1 and Netscreen (the Netscreen does NAT)?

I just can't make it work.

Any help, ideas, docs or tips will be highly appreciated.

Regards
Serge