Hi!

I can ping LAN-C without problems from GW-B. There is a Frame-Relay connection between LAN-C and the Router. The Router is managed by an external company.
The Route for LAN-C points to the Router; backwards there is a default-route defined pointing to GW-B. The GWs are both NGfp3hf2 and have some separate Rules accepting echo-req, echo-rep, traceroute and so on.

Thanks in advance.

Thomas Kunz

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of Moody, Thomas (Contractor) (DDC)
Sent: Thursday, 29 January 2004 18:49
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Problems with Routing/Encryption in Checkpoint-VPN

Thomas,

How are the LAN-C and LAN-B networks physically tied together? You mentioned that there is a router for the LAN-C network. Is the route configured in GW-B pointing to the correct default gateway [that router] for LAN-C? If so, can you ping the LAN-C from the Nokia Cluster if you log in to it on the command line? Can you ping the Nokia Cluster from the router? If not, then you may have a routing issue. Do you have referees set up for the clusters at both sites and have filters to allow the ICMP for the referees?

With a little more info, I may be able to help you. I've done a lot of work with the CC500 and CC2500's. So, if you want to share a little more info... I'll be glad to do what I can.

Anyway, these are all things to take into consideration.

Thomas G. Moody
Sr. Network Security Admin
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> -----Original Message-----
> From: Kunz, T [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 29, 2004 11:04 AM
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Problems with Routing/Encryption in Checkpoint-VPN
>
> Hi all,
>
> I've got a VPN between 2 Nokia Clusters here (GW-A & GW-B).
>
> The first ones, the GW-A, are the Central-GWs of a Star-Topology VPN.
> LAN-A with Net 10.1.0.0/24 is connected directly.
>
> The second ones, the GW-B, are the Satellite-GWs.
> LAN-B with Net 10.2.0.0/24 is connected directly.
> LAN-C with Net 10.3.0.0/24 is connected via a Router to LAN-B.
>
> Now, the problem is that I can't communicate with the Hosts
> in 10.3.0.0/24 in LAN-C from LAN-A behind GW-A
> (10.1.0.0/24). Same thing in the other direction!
>
> Can anyone please give advice?
> I checked the Routing, Encryption-Domain, Anti-Spoofing and
> Rulebase of course already.
> Maybe there is a problem with the encryption of the packets or
> Network-Addresses?
>
> When I try a ping (echo-req) from 10.1.0.1 to 10.3.0.1 I see
> the Packet coming in at the LAN-Interface of GW-A. At the
> LAN-Interface of GW-B, I see the Packets (echo-req) coming
> in and the answers (echo-rep) coming back from host 10.3.0.1.
> But the echo-replies do not reach the LAN-Interface of GW-A.
>
> A Connection from LAN-B to LAN-A can be done without
> problems. Same thing in the other direction.
>
> Regards
>
> Thomas Kunz
>
> T-Systems International GmbH
> Global Network Factory, Network & Service Operations Munich
> Fon: +49 89 54754 416 ; Fax: +49 89 54754 491
> E-Mail: [EMAIL PROTECTED]
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an
> email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription
> options, email [EMAIL PROTECTED]
> =================================================
