Thanks so much, Matthias. Yep, It was set to "First", now it's set to "Before Last" as you told me. It's working now !!!
A huge relief ! Thanks again, Alexander -----Original Message----- From: Matthias Leu [mailto:[EMAIL PROTECTED] Sent: 02 April 2003 12:07 To: Mailing list for discussion of Firewall-1 Subject: Re: [FW-1] Ping doesn't get through VPN Hi Alexander, maybe you have accepted ICMP in the Global Properties? If so, and if it's set to "First", the packet will be sent before your encryption rule is reached - and therefore not be encrypted. Then it should be set to "Before Last" or described by explicite rules. Hope it helps, best regards, Matthias http://www.fw-1.de Oleshev, Alexander wrote: > Hi there, > > We have site-to-site VPN between Cisco PIX and Checkpoint 4.1 . Netbios and > TCP work fine, but ICMP (Ping) is not working :-( > When I'm trying to do a ping, logs indicate that it doesn't get encrypted, > normally, any packet sent to the remote network gets encrypted and displayed > in blue, but in our case - it is displayed in green and no other messages > displayed.... It looks like that Checkpoint uses different routing table to > send this ping, and it doesn't use VPN.... > > As you probably anticipate, rules allow "ANY" traffic in both directions > .... > Any ideas why this thing happens ? > > Thanks, > Alexander -- AERAsec Network Services and Security GmbH Wagenberger Strasse 1 D-85662 Hohenbrunn, Germany http://www.aerasec.de ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
