[FW1] Firewall to Firewall VPN
I am trying to implement VPN between two cp2000 firewalls but cannot get the peer to respond. Both firewall modules are on Nokia 650 and the management console for each is on Windows NT.

Here is the scenario:

Net1-------------FW1---------Router1--------Router2---------FW2----------Net 2
                  |
                  |
                  |
                 Net3

I am trying to implement VPN between Net1 and Net2. The workstation properties IP address, hostname and license of FW1 is facing Net3. The workstation properties IP address, hostname and license of FW2 is facing Router2.

I have configured the VPN tab on both management consoles with IKE, DES, MD5, Shared Secret. The encryption domain on FW1 is Net1 and FW2 is Net2. I have also created separate rules for both incoming and outgoing traffic. Before configuring the VPN properties I had made sure that I have full connectivity between Net1 and Net2.

When I do a ping from Net1 to Net2 I see the following in the info field of the fw log:

Action        Info
Key Install   IKE Log: Recieved Notification From Peer: Invalid id information
Drop          encryption failure: no response from peer: scheem IKE

Could the problem be the FW1 IP being on Net3 rather than one facing Router1? If that is the case, how would you implement multiple VPNs? Do I need some kind of nasty NAT?

When I run tcpdump on the FW1 interface facing Router1 I see UDP packets on port 500 between this interface and FW2's interface facing Router2.

Thank you for your time and any help would be much appreciated.

Kamran