Ok, let's get our hands dirty :)

Site A - NG AI R54. Has frame-relay link to SiteB and link to internet.
Site B - NG AI R54. Has Frame-relay link to SiteA and link to internet.
Site C - NG AI R54. Has internet link only.
Smart - SmartCenter managing all 3 firewalls.

SiteA ------- SiteB connected via frame relay link.
SiteB ------- SiteC connected via VPN tunnel over the internet

Now I want to set up a VPN between SiteA and SiteC. However, in the general properties 
of SiteA firewall, the IP address is that of the frame-relay link and not the external 
IP address of the internet. Therefore, I was facing a problem initiating a VPN tunnel 
between SiteA and C. I even tried the dynamic resolution option but to no avail. 
Therefore, I finally gave in and decided to change the IP address of SiteA in the 
General properties to that of the external. It went well. I changed the IP, reset the 
SIC and restarted the module for safe measures.

Before this change, all communication between Site A and B was fine, all over the 
frame-relay link, in the clear. As soon as I made the change, all traffic from SiteA 
to SiteB was being dropped. The reason being that SiteB logs the error as "Encryption 
error:traffic sent in clear within an encryption connection.". SiteB obviously sends 
the traffic in the clear, but SiteA expects it to be encrypted?!? The rules are still 
the same, SiteA SiteB ANY ANY ACCEPT and nothing in the VIA column, just ANY. There is 
NO VPN community between SiteA and B. I even removed ALL VPN communities and left only 
SiteA---SiteC VPN community... still, no use. It only works when SiteA itself is NOT 
part of ANY community (star, mesh).

This email is getting too long. In short, I tried lots of things (and Encrypt all 
traffic is not encrypted) but nothing worked. I ended up with SiteA in NO VPN 
community... but I need it to be. So your help would be much appreciated.

Regards,
Girard Moussa
