RE: [FW1] VPN + NAT
For these types of VPNs you probably want to add two Translation rules
that disable NAT for connections through the VPN tunnel. The two rules are:

    MyNet - PartnerNet - Any - Original - Original - Any
    PartnerNet - MyNet - Any - Original - Original - Any

Make sure you set routes in your network that direct traffic aimed at
the PartnerNet to your firewall.

Regards,
Frank

> -----Original Message-----
> From: Vaughan, Jeff [mailto:[email protected]]
> Sent: Wednesday, October 04, 2000 10:53 AM
>
> We are running that exact scenario with one of our partners. Check that
> both firewalls have the exact same encryption settings, also make sure that
> you include both the valid and invalid IPs in your encryption domain. You
> only need the valid IPs for your partner's network.
>
> -----Original Message-----
> From: Darryl Bowler [mailto:[email protected]]
> Sent: Wednesday, October 04, 2000 10:22 AM
>
> anyone had luck running a VPN between 2 checkpoint FWs which have NATed LANs
> with private address ranges behind them ?
> Using IKE.
>
> When I configure NAT (auto hide) I get the following errors
> icmp-type 0 icmp-code 0 encryption failure: Packet is not IPSEC scheme: IKE
>
> Without NAT, it works fine.
>
> Regards Darryl

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
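A small model of the two no-NAT rules from Frank's reply, added here as an illustration and not part of any message in the thread. It assumes first-match rule evaluation with the two rules placed above the automatic hide rule, and uses constructed addresses (10.1.0.0/16 for MyNet, 10.2.0.0/16 for PartnerNet, 192.0.2.1 as the hide address).

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions, not taken from the thread).
MYNET = ip_network("10.1.0.0/16")
PARTNERNET = ip_network("10.2.0.0/16")
ANY = ip_network("0.0.0.0/0")
HIDE_IP = ip_address("192.0.2.1")  # valid address the LAN is hidden behind
ORIGINAL = None                    # "Original": leave this field untranslated

# Rule = (original source, original destination,
#         translated source, translated destination); service is Any throughout.
NO_NAT = [
    (MYNET, PARTNERNET, ORIGINAL, ORIGINAL),
    (PARTNERNET, MYNET, ORIGINAL, ORIGINAL),
]
HIDE = [(MYNET, ANY, HIDE_IP, ORIGINAL)]

HIDE_ONLY = HIDE                 # hide NAT alone: it catches every packet from MyNet
EXEMPT_FIRST = NO_NAT + HIDE     # the two rules evaluated before hide NAT


def translate(rules, src, dst):
    """Return (src, dst) after the first matching rule is applied."""
    src, dst = ip_address(src), ip_address(dst)
    for o_src, o_dst, t_src, t_dst in rules:
        if src in o_src and dst in o_dst:
            new_src = src if t_src is ORIGINAL else t_src
            new_dst = dst if t_dst is ORIGINAL else t_dst
            return str(new_src), str(new_dst)
    return str(src), str(dst)  # no rule matched: packet is untouched


if __name__ == "__main__":
    for name, rules in (("hide only", HIDE_ONLY), ("exempt first", EXEMPT_FIRST)):
        for src, dst in (("10.1.0.5", "10.2.0.9"), ("10.2.0.9", "10.1.0.5"),
                         ("10.1.0.5", "198.51.100.7")):
            print(f"{name:13} {src} -> {dst}  becomes  {translate(rules, src, dst)}")
```

With the exemption rules first, only traffic between the two networks keeps its original addresses; everything else from MyNet is still hidden behind the valid address.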