Rainer,
this sounds familiar...think it could be an ongoing "feature" of FW-1
which I came across in 4.1. Basically the illegal addresses are
encrypted..then the fw comes to nat them to their legal addresses without
encryption..there was a fix for 4.1 don't know about NG, perhaps ask your
support company about it / checkpoint...
Sorry I can't help further.
Paul.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: 26 September 2003 11:39
To: [email protected]
Subject: [FW-1] VPN between two firewalls
Hello,
we have two offices both with NG FP3 firewalls. We want to use encrypted
connections between the two offices. I created interoperable devices on
both offices with the same secret.
Office A has official IP addresses, office B uses NAT.
I created rules on both offices that incoming and outgoing connections
between both firewalls shall be encrypted.
From office A I can reach (telnet, ping) machines in office B (with 1:1
NAT) but from office B I can't communicate with office A (no telnet, no
ping). Normal connections (rules without encryption) work in both
directions.
Any idea what I did wrong? Has anyone a good documentation about
encryption and NAT?
regards
Rainer
--
Rainer Freis Leiter
Systemadministration
santix AG Weihenstephaner Str. 4
D-85716 Unterschleissheim
Phone: (+49) 89 321506-24 Fax : (+49) 89 321506-99
You don't know what real time-critical software is until you're
responsible for the paychecks of a battalion of heavily armed
Marines. (somebody in alt.sysadmin.recovery)
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================