Be sure the encryption properties match up on both sides, and that the domains are not overlapping. What is the error message you are receiving in the logs when trying to encrypt the communications?
Lori
At 12:00 PM 9/26/2003 +0100, you wrote:
Rainer,
this sounds familiar... think it could be an ongoing "feature" of FW-1 which I came across in 4.1. Basically the illegal addresses are encrypted... then the fw comes to NAT them to their legal addresses without encryption... there was a fix for 4.1, don't know about NG, perhaps ask your support company about it / Check Point...
Sorry I can't help further.
Paul.
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: 26 September 2003 11:39
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN between two firewalls
Hello,
we have two offices both with NG FP3 firewalls. We want to use encrypted connections between the two offices. I created interoperable devices on both offices with the same secret.
Office A has official IP addresses, office B uses NAT.
I created rules on both offices that incoming and outgoing connections between both firewalls shall be encrypted.
From office A I can reach (telnet, ping) machines in office B (with 1:1 NAT) but from office B I can't communicate with office A (no telnet, no ping). Normal connections (rules without encryption) work in both directions.
Any idea what I did wrong? Does anyone have good documentation about encryption and NAT?
regards Rainer
-- Rainer Freis, Head of System Administration
santix AG Weihenstephaner Str. 4 D-85716 Unterschleissheim Phone: (+49) 89 321506-24 Fax : (+49) 89 321506-99
You don't know what real time-critical software is until you're responsible for the paychecks of a battalion of heavily armed Marines. (somebody in alt.sysadmin.recovery)
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
Regards,
Lori Edens Schlumberger Sema Networking and Infrastructure Solutions Network Engineer 1311 Broadfield Blvd,. Suite 207E Houston, TX 77084 Office: 1 832 587 8954 Fax: 1 832 587 8556 Mobile: 1 832 724 2762
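The check suggested at the top of this thread (matching encryption properties on both sides, non-overlapping encryption domains) can be run offline before reading logs. The following is an added example, not part of the original thread; the site dictionaries, field names and networks are constructed for illustration and are not a Check Point export format.

```python
import ipaddress

# Constructed sample data: property names and networks are illustrative only.
SITE_A = {
    "name": "office-a",
    "proposal": {"ike_enc": "3DES", "ike_hash": "SHA1", "dh_group": 2,
                 "ipsec_enc": "3DES", "ipsec_hash": "SHA1", "pfs": False},
    "domain": ["192.0.2.0/25"],
}
SITE_B = {
    "name": "office-b",
    "proposal": {"ike_enc": "3DES", "ike_hash": "MD5", "dh_group": 2,
                 "ipsec_enc": "3DES", "ipsec_hash": "SHA1", "pfs": False},
    "domain": ["10.1.0.0/16", "192.0.2.64/26"],
}

def property_mismatches(a, b):
    """Return sorted (field, a_value, b_value) for each proposal field that differs."""
    pa, pb = a["proposal"], b["proposal"]
    return sorted((k, pa.get(k), pb.get(k))
                  for k in set(pa) | set(pb) if pa.get(k) != pb.get(k))

def domain_overlaps(a, b):
    """Return (net_a, net_b) pairs where the two encryption domains intersect."""
    nets_a = [ipaddress.ip_network(n) for n in a["domain"]]
    nets_b = [ipaddress.ip_network(n) for n in b["domain"]]
    # overlaps() raises TypeError across IP versions, so compare like with like.
    return [(str(x), str(y)) for x in nets_a for y in nets_b
            if x.version == y.version and x.overlaps(y)]

def report(a, b):
    """Build human-readable findings; an empty list means both checks passed."""
    findings = [f"property {k}: {a['name']}={va!r} vs {b['name']}={vb!r}"
                for k, va, vb in property_mismatches(a, b)]
    findings += [f"overlap: {a['name']} {x} intersects {b['name']} {y}"
                 for x, y in domain_overlaps(a, b)]
    return findings

if __name__ == "__main__":
    for line in report(SITE_A, SITE_B) or ["no mismatches, no overlaps"]:
        print(line)
```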
