[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] VPN between two firewalls
Rainer, this sounds familiar...think it could be an ongoing "feature" of FW-1 which I came across in 4.1. Basically the illegal addresses are encrpyted..then the fw comes to nat them to their legal addresses without encryption..there was a fix for 4.1 don't know about NG, perhaps ask your support company about it / checkpoint... Sorry I can't help further. Paul. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of [email protected] Sent: 26 September 2003 11:39 To: [email protected] Subject: [FW-1] VPN between two firewalls Hello, we have two offices both with NG FP3 firewalls. We want to use encrypted connections between the two offices. I created interoperable devices on both offices with the same secret. Office A has official IP addresses, office B uses NAT. I created rules on both offices that incoming and outgoinig connections between both firewalls shall be encrypted. >From office A I can reach (telnet, ping) machines in office B (with 1:1 NAT) but from office B I can't communicate with office A (no telnet, no ping). Normal connections (rules without encryption) work in both directions. Any idea what I did wrong? Has anyone a good documentation about encryption and NAT? regards Rainer -- Rainer Freis Leiter Systemadministration santix AG Weihenstephaner Str. 4 D-85716 Unterschleissheim Phone: (+49) 89 321506-24 Fax : (+49) 89 321506-99 You don't know what real time-critical software is until you're responsible for the paychecks of a battalion of heavily armed Marines. (somebody in alt.sysadmin.recovery) ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.521 / Virus Database: 319 - Release Date: 23/09/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.521 / Virus Database: 319 - Release Date: 23/09/2003 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|