[FW-1] IP proto 50 (ESP) / routing - ESP traffic ignores routing table



Hi Hans,

We had a similar situation and needed to make the following change to
objects_5_0.C to get it to work:

1.) Do a cpstop on the FireWall management server.
2.) Back up the objects_5_0.C file.
3.) Change the following settings for the FireWall object that is doing the
VPN from false to true:
4.) Search for resolve_multiple_interface and change it to true.
5.) resolve_multiple_interface_GW and change it to true.
6.) Save the changes.
7.) Do a cpstart on the FireWall management.
8.) Install the policy again on the VPN Module.

I think by default the VPN-1 module will only accept encrypted packets that
are received via the licensed interface, which is usually the interface
facing the Internet. With these changes any interface will be able to handle
encrypted packets.

I hope this will help to solve your problem.

Mark William Lane
Dipl.-Inform.(FH)
Installation & Implementation Manager
CCSA/CCSE-2000, CCSA/CCSE-NG
Certified Sonicwall Global Manager

SNC Secure Networking Company AG
Making the Internet Secure for You!

[email protected]
Tel.: +49 (0)6131-97147-0
Fax: +49 (0)6131-97147-99
www.sncag.com

PGP Fingerprint:
9B45 52D7 FCBD B0AA 21E0 1223 DEBF 25E8 3321 4EB1





-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Hans Bayle
Sent: Thursday, 14 August 2003 16:38
To: [email protected]
Subject: [FW-1] IP proto 50 (ESP) / routing - ESP traffic ignores routing table

Hi,


We are using NG FP3 on Solaris 9.

On our VPN gateway with 2 external interfaces; one interface connected
to Internet, the other to an internal WAN, ESP traffic ignores the routing
table, and always flows to the default gateway (a router to Internet),
and not to another VPN gateway that is connected to the internal WAN.

Within the same configuration, management traffic, TCP traffic etc. *does*
follow the routing table.

What can I do to let ESP traffic follow the routing table?


Hans Bayle
Network Consultant
[email protected]

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
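
The object-scoped edit from steps 2 to 5 of the reply above, as an added example that is not part of the original messages or of Check Point's tooling: because the change widens which interfaces accept encrypted packets, it is confined to one gateway object and the diff is reviewed before restarting. The `:name (value)` file syntax, the object names `gw-vpn` and `gw-other`, and the helper names are assumptions, and the file content is constructed.

```shell
#!/bin/sh
# Added example: scoped edit of a CONSTRUCTED objects file (not a real export).
# Assumptions: attributes are written ":name (value)", an object opens with
# ": (object-name" on its own line, and no parentheses occur inside strings.

# Print FILE with the two attributes set to true inside object GW only.
enable_for_gateway() {
    awk -v gw="$2" '
    {
        line = $0; t = $0
        gsub(/^[ \t]+|[ \t]+$/, "", t)
        if (!inside && t == ": (" gw) { inside = 1; depth = 0 }
        if (inside) {
            if (line ~ /:resolve_multiple_interface(_GW)? \(false\)/) {
                sub(/\(false\)/, "(true)", line)
            }
            # Track nesting so the edit stops at the end of this object.
            depth += gsub(/\(/, "(", line) - gsub(/\)/, ")", line)
            if (depth <= 0) inside = 0
        }
        print line
    }' "$1"
}

# Count lines that differ between the backup and the edited file.
changed_lines() {
    diff "$1" "$2" | grep -c '^>' || true
}

work=$(mktemp -d)
cat > "$work/objects_5_0.C" <<'EOF'
(
    :network_objects (
        : (gw-vpn
            :resolve_multiple_interface (false)
            :resolve_multiple_interface_GW (false)
        )
        : (gw-other
            :resolve_multiple_interface (false)
            :resolve_multiple_interface_GW (false)
        )
    )
)
EOF

cp "$work/objects_5_0.C" "$work/objects_5_0.C.bak"             # step 2: backup
enable_for_gateway "$work/objects_5_0.C.bak" gw-vpn > "$work/objects_5_0.C"
diff "$work/objects_5_0.C.bak" "$work/objects_5_0.C" || true   # review the change
echo "lines changed: $(changed_lines "$work/objects_5_0.C.bak" "$work/objects_5_0.C")"
```

Anything other than two changed lines, both inside the intended gateway object, means the edit touched more than the procedure calls for and the backup should be restored.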



 
   All contents © 2004 Network Presence, LLC. All rights reserved.