Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Manual IPSEC question

To: dan snyder <[email protected]>, Rick Camp <[email protected]>, [email protected]
Subject: Re: [FW1] Manual IPSEC question
From: Chris F <[email protected]>
Date: Tue, 31 Oct 2000 13:46:12 -0800 (PST)
Sender: [email protected]

Please correct me if I'm wrong, but don't you mean:

fw_me fw_them IPSec
fw_they fw_me IPSec

Thanks -- Chris

--- dan  snyder <[email protected]> wrote:
> 
> Rick,
> add another rule (an IPSEC or IKE rule) on both
> firewalls.
> my internal network - other internal network - IPSEC
> - Accept
> other internal network - my internal network - IPSEC
> - Accept
> 
> 
> ----- Original Message -----
> From: "Rick Camp" <[email protected]>
> To: <[email protected]>
> Sent: Friday, October 27, 2000 2:51 PM
> Subject: [FW1] Manual IPSEC question
> 
> 
> >
> > I am having an issue with a Manual IPSEC between
> two firewall-1 boxes.
> Both
> > are NT, one is 4.0 SP7 the other is 4.1 SP2.
> >
> > The encryption works, but is seems like it needs
> to be primed.  If I
> > initiate a connection (ping, nbtstat, web
> browsing, etc) from only one
> side,
> > it will be encrypted outbound, but there will be
> no response.  this is the
> > same no matter which network I initiate the
> connection from.  However if I
> > initiate a connection from both sides the
> encryption kicks in and works
> just
> > fine even if everything else is initiated from
> only one network.  The next
> > day it will need to be primed from both sides
> again even though the
> firewall
> > was not reset and no security policy changes were
> made.
> >
> > My rulebase looks like this:
> >
> > my internal network - other internal network - any
> - encrypt
> > other internal network - my internal network - any
> - encrypt
> >
> > If I combined these 2 rules into 1 would it solve
> the problem?
> >
> > I was initially trying to set up IKE or ISAKMP
> between the two, but this
> > seemed to complicated until the 4.0 box was
> upgraded to 4.1 because 4.0
> > won't do entire subnets with IKE yet.
> >
> > Any suggestions would be greatly appreciated.
> >
> > Thanks,
> >
> > Rick
> >
> >
> > _______________________________________
> > Rick Camp
> > Welsh Consulting, Inc.
> > 31 Milk Street, Suite 805
> > Boston, MA 02109
> >Tel
> >Fax
> > [email protected]
> > www.welsh.com
> >
> >
> >
> >
>
============================================================================
> ====
> >      To unsubscribe from this mailing list, please
> see the instructions at
> >               
> http://www.checkpoint.com/services/mailing.html
> >
>
============================================================================
> ====
> >
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================


__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.
http://im.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Installing FW-1 on Linux
Next by Date: Reading Archives (was RE: [FW1] FW performance)
Previous by thread: RE: [FW1] Manual IPSEC question
Next by thread: [FW1] RE: Manual IPSEC question
Index(es):
- Date
- Thread