Can,

For the first problem, check and make sure that the object for IP71 is defined in the management station with the external IP address. Do the same for IP330.

Regards,
Pritish

>>> [EMAIL PROTECTED] 04/03/03 02:14PM >>>
I have a couple of VPN problems, any help will be greatly appreciated. The first relates to a Nokia IP71 establishing a VPN and the second a VPN between NG FP1 and FP2.

Due to a lost password I've had to reset the IP71 to factory defaults, and then I upgraded it to version 2 of the firmware. It and the IP330 I need to tunnel between are managed by the same server (running NG FP2), which is located on the DMZ of the IP330 (using NAT). I've established SIC between the IP71 and Management Server, and confirmed connectivity. The topology information is entered for the IP71 & IP330 objects, including the encryption domain. I created a rule on a rulebase loaded to both the IP71 and IP330 that encrypts traffic between the two encryption domains (I created a group containing both of the enc domains and placed that group in the source and destination columns, with an action of encrypt, to be installed on both firewall objects), and loaded the rulebase onto both of the firewalls.

My problem is that although I can successfully establish VPN connections from the IP330 enc domain to the enc domain of the IP71, it does not work the other way round. When looking at the logs, I see that the IP71 hasn't even attempted to encrypt the packets destined for the IP330's enc domain, it just accepts them. I've double checked the rule & it definitely looks right... Any thoughts? For additional info, the enforcement module running on the IP330 is FP2, no hotfixes.

My second problem relates to a VPN I need to establish between the same IP330, and an externally managed FW in Dallas. I've defined the object for the networks, configured the checkpoint object and defined the rule for encrypting traffic between the two enc domains.
I confirmed with the guy who manages the firewall in Dallas that our VPN parameters are the same at each end, but every time we attempt to bring up the VPN, both firewalls report the message 'no proposal chosen'. I've looked on SecureKnowledge, but the only relevant article mentions that the encryption key exchange settings are out of sync, but based on what the Dallas guy has told me, this can't be the case. Once again, any thoughts welcomed.

Cheers guys, and apologies for the long message!

Can

=================================================
To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
