RE: [FW1] vpn problems
Well I am trying client to firewall ping and echo server application.

After reinstalling the 4.0 and redefining everything (by the way the same exact definitions) it did work.

Thanks for your help anyway.

My suspicion is that you do not have your encryption domain set up properly for the Linux to NT encryption.

From what you are saying there the following is happening.

Net A -> NT -> Internet -> Linux -> Net B

When you send a ping from Net A to Net B the NT FW sees that this should be encrypted, sends it off to Linux box encrypted, the Linux box decrypts, the traffic hits the destination and replies. The reply traffic hits the Linux box. However the Linux box decides NOT to encrypt the traffic.

The above example assumes the following.
A. You do not have any asymmetric routing problems. Are these boxes connecting solely through the Internet or do you have another link between the internal nets?
B. That the destinations you are trying are routable addresses.

I would check that you have an encrypt rule for both directions and that the encryption domains are set up properly.

Are you doing ping tests? Are you trying end to end or firewall to firewall?

> -----Original Message-----
> From: Idan Dolev [mailto:[email protected]]
> Sent: Tuesday, September 26, 2000 4:42 AM
> To: Firewall_Mailing_List (E-mail)
> Subject: [FW1] vpn problems
>
> Hi guys,
>
> I am trying to establish a VPN connection between an NT firewall 4.0 sp5 and a Linux with 4.1 no sp. Both are in single gateways mode.
> I put the same secret key in both, defined the encryption domains and set the rules with IKE.
> However I have been getting the message "packet is not IPSEC scheme" in the NT firewall while in my Linux I see decrypt.
>
> Any suggestion ???
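
The one-way failure described in the reply above (request encrypted, reply sent in clear), as an added example that is not part of the original thread. It is a simplified Python model of a gateway's encrypt decision, not FireWall-1's actual logic; the networks, hosts, class and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

class Gateway:
    """Simplified view of one VPN gateway (an assumption, not FireWall-1 internals)."""
    def __init__(self, name, own_domain, peer_domain, encrypt_rules):
        self.name = name
        self.own_domain = [ip_network(n) for n in own_domain]    # nets behind this gateway
        self.peer_domain = [ip_network(n) for n in peer_domain]  # peer's nets as defined here
        # Each rule is (source net, destination net) with action Encrypt.
        self.encrypt_rules = [(ip_network(s), ip_network(d)) for s, d in encrypt_rules]

    def why_not_encrypted(self, src, dst):
        """Return None if this gateway would encrypt src -> dst, else the reason."""
        src, dst = ip_address(src), ip_address(dst)
        if not any(src in n for n in self.own_domain):
            return f"{src} is not in {self.name}'s own encryption domain"
        if not any(dst in n for n in self.peer_domain):
            return f"{dst} is not in the peer encryption domain defined on {self.name}"
        if not any(src in s and dst in d for s, d in self.encrypt_rules):
            return f"no encrypt rule on {self.name} matches {src} -> {dst}"
        return None

def audit_pair(gw_a, host_a, gw_b, host_b):
    """Check the request (A -> B) and the reply (B -> A) independently."""
    findings = []
    for gw, src, dst in ((gw_a, host_a, host_b), (gw_b, host_b, host_a)):
        reason = gw.why_not_encrypted(src, dst)
        if reason:
            findings.append(f"{src} -> {dst} leaves {gw.name} in clear: {reason}")
    return findings

# Constructed sample configuration (documentation address ranges).
NET_A, NET_B = "192.0.2.0/25", "198.51.100.0/24"
BOTH_WAYS = [(NET_A, NET_B), (NET_B, NET_A)]
nt = Gateway("NT", [NET_A], [NET_B], BOTH_WAYS)
# Linux side defines the peer's domain wrongly: Net A is missing from it.
linux_bad_domain = Gateway("Linux", [NET_B], ["192.0.2.128/25"], BOTH_WAYS)
# Linux side has the right domains but an encrypt rule for one direction only.
linux_one_way = Gateway("Linux", [NET_B], [NET_A], [(NET_A, NET_B)])
linux_ok = Gateway("Linux", [NET_B], [NET_A], BOTH_WAYS)

if __name__ == "__main__":
    for linux in (linux_bad_domain, linux_one_way, linux_ok):
        result = audit_pair(nt, "192.0.2.10", linux, "198.51.100.20")
        print(result or "both directions encrypted")
```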