RE: [FW1] Firewall to Firewall VPN



Thanks Michael and Mark, you guys were right on the money. Specifying all
the interfaces on the remote gateway solved the problem.

Kamran

-----Original Message-----
From: Michael Liberte [mailto:[email protected]]
Sent: Friday, January 26, 2001 4:49 PM
To: '[email protected]'; [email protected]
Subject: RE: [FW1] Firewall to Firewall VPN



Try to define the FW1 object to be gateway and have all the interfaces
defined correctly on FW2 management station. Maybe FW2 receives the packet
that originates from the incorrect IP and rejects it.
Check to see if the shared secret matches on both firewalls.
Cheers,
Michael.

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, January 26, 2001 4:25 PM
To: [email protected]
Subject: [FW1] Firewall to Firewall VPN



I am trying to implement VPN between two cp2000 firewalls but cannot get the
peer to respond.
Both firewall modules are on Nokia 650 and the management console for each
is on Windows NT.

Here is the scenario

Net1-------------FW1---------Router1--------Router2---------FW2----------Net2
                  |
                  |
                  |
                 Net3


I am trying to implement VPN between Net1 and Net2. The workstation
properties IP address, hostname and license of FW1 is facing Net3. The
workstation properties IP address, hostname and license of FW2 is facing
Router2.

I have configured the VPN tab on both management consoles with
IKE,DES,MD5,Shared Secret. The encryption domain on FW1 is Net1 and FW2 is
Net2. I have also created separate rules for both incoming and outgoing
traffic. 

Before configuring the VPN properties I had made sure that I have full
connectivity between Net1 and Net2. 

When I do a ping from Net1 to Net2 I see the following in the info field of
the fw log

Action                   Info
Key Install              IKE Log: Recieved Notification From Peer: Invalid
id information 
Drop                     encryption failure: no response from peer: scheem
IKE

Could the problem be the FW1 IP being on Net3 rather than the one facing
Router1? If that is the case, how would you implement multiple VPNs? Do I need
some kind of nasty NAT?

When I run tcpdump on the FW1 interfacing Router1 I see udp packets on port
500 between this interface and FW2's interface facing Router2.

Thank you for your time and any help would be much appreciated.

Kamran


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
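The firewall log above only reports that the peer sent an "Invalid id information" notification, so a useful next diagnostic step is to decode the UDP/500 packets seen in tcpdump and confirm which ISAKMP notify type the remote gateway is actually returning. The parser below is an added example, not code from this thread or from Check Point; it walks the ISAKMP header and payload chain of an unencrypted informational message using the RFC 2408 layout and maps notify type 18 to INVALID-ID-INFORMATION, which is what a peer returns when the identity (here, the gateway address) it receives does not match what it has configured. The build_notify helper constructs a sample datagram for testing rather than reading a real capture.

```python
import struct

# Notification message types from RFC 2408 section 3.14.1 (subset seen in VPN setup failures)
ISAKMP_NOTIFY_TYPES = {
    14: "NO-PROPOSAL-CHOSEN",
    16: "PAYLOAD-MALFORMED",
    17: "INVALID-KEY-INFORMATION",
    18: "INVALID-ID-INFORMATION",
    24: "AUTHENTICATION-FAILED",
}
PAYLOAD_NOTIFICATION = 11    # ISAKMP payload type "N"
EXCHANGE_INFORMATIONAL = 5   # exchange type used for error notifications
ISAKMP_HEADER_LEN = 28


def parse_isakmp_notifications(packet: bytes):
    """Return a list of (notify_type, name) for every Notification payload in
    one ISAKMP datagram. Encrypted payloads (flags bit 0 set) cannot be decoded
    without the SA keys, so such packets yield an empty list."""
    if len(packet) < ISAKMP_HEADER_LEN:
        raise ValueError("short ISAKMP header")
    (_icookie, _rcookie, next_payload, _version, _exch_type,
     flags, _msg_id, length) = struct.unpack("!8s8sBBBBII", packet[:ISAKMP_HEADER_LEN])
    if flags & 0x01:
        return []
    if length > len(packet):
        raise ValueError("header length exceeds datagram")
    found = []
    offset = ISAKMP_HEADER_LEN
    while next_payload != 0 and offset + 4 <= length:
        cur_type = next_payload
        # Generic payload header: next payload, reserved, payload length
        next_payload, _reserved, plen = struct.unpack("!BBH", packet[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError("malformed payload length")
        if cur_type == PAYLOAD_NOTIFICATION and plen >= 12:
            # Notify body: DOI(4), protocol id(1), SPI size(1), notify type(2), then SPI/data
            _doi, _proto_id, _spi_size, ntype = struct.unpack("!IBBH", packet[offset + 4:offset + 12])
            found.append((ntype, ISAKMP_NOTIFY_TYPES.get(ntype, f"UNKNOWN-{ntype}")))
        offset += plen
    return found


def build_notify(ntype: int) -> bytes:
    """Constructed sample: one unencrypted informational datagram carrying a
    single Notification payload (test input, not a real capture)."""
    body = struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, ntype)  # next=NONE, len=12, DOI=IPsec, proto=ISAKMP
    hdr = struct.pack("!8s8sBBBBII", b"\x01" * 8, b"\x02" * 8, PAYLOAD_NOTIFICATION,
                      0x10, EXCHANGE_INFORMATIONAL, 0, 0, ISAKMP_HEADER_LEN + len(body))
    return hdr + body
```

Feed the raw UDP payloads from a tcpdump -w capture (stripped of their IP/UDP headers) into parse_isakmp_notifications to see exactly which notify codes each side emits during the failed negotiation.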
   All contents © 2004 Network Presence, LLC. All rights reserved.