RE: [FW1] Firewall to Firewall VPN
Thanks Michael and Mark, you guys were right on the money. Specifying all the interfaces on the remote gateway solved the problem.

Kamran

-----Original Message-----
From: Michael Liberte [mailto:[email protected]]
Sent: Friday, January 26, 2001 4:49 PM
To: '[email protected]'; [email protected]
Subject: RE: [FW1] Firewall to Firewall VPN

Try to define the FW1 object to be gateway and have all the interfaces defined correctly on FW2 management station. Maybe FW2 receives the packet that originates from the incorrect IP and rejects it. Check to see if the shared secret matches on both firewalls.

Cheers,
Michael.

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, January 26, 2001 4:25 PM
To: [email protected]
Subject: [FW1] Firewall to Firewall VPN

I am trying to implement VPN between two cp2000 firewalls but cannot get the peer to respond. Both firewall modules are on Nokia 650 and the management console for each are on Windows NT.

Here is the scenario:

Net1-------------FW1---------Router1--------Router2---------FW2----------Net 2
                  |
                  |
                  |
                 Net3

I am trying to implement VPN between Net1 and Net2.

The workstation properties IP address, hostname and license of FW1 is facing Net3. The workstation properties IP address, hostname and license of FW2 is facing Router2.

I have configured the VPN tab on both management consoles with IKE, DES, MD5, Shared Secret. The encryption domain on FW1 is Net1 and FW2 is Net2. I have also created separate rules for both incoming and outgoing traffic.

Before configuring the VPN properties I had made sure that I have full connectivity between Net1 and Net2.

When I do a ping from Net1 to Net2 I see the following in the info field of the fw log:

Action         Info
Key Install    IKE Log: Recieved Notification From Peer: Invalid id information
Drop           encryption failure: no response from peer: scheem IKE

Could the problem be the FW1 ip being on Net3 rather than one facing Router 1? If that is the case how would you implement multiple vpn? Do I need some kind of nasty NAT?

When I run tcpdump on the FW1 interfacing Router1 I see udp packets on port 500 between this interface and FW2's interface facing Router2.

Thank you for your time and any help would be much appreciated.

Kamran

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================