Hello

I need to create a VPN-tunnel from the internal network to the FW-1 machine.
This is to tunnel an internal subnet (i.e. WLAN) directly into the internet,
without touching the internal one.

My setup is the following:
- Check Point FW/VPN (NG AI R55): external IP 172.17.1.53, internal IP
192.168.1.1
- Management with SmartCenter: 192.168.1.2
- VPN-1 Edge Box: 192.168.1.51

I need to create a tunnel from the Edge Box to the Check Point Firewall, so
that all machines connecting behind the Edge Box are directly tunnelled into
the internet.

I managed to do the scenario where the Edge Box is in the internet. But now
putting the Edge Box into the internal net, the VPN tunnel cannot be
established. On the Edge Box I connected to a service-center where I had to
give the IP address of the Management Machine (normally, the IP address of
the firewall should be defined). The connection to the Management over SWTP
worked fine, however I was not able to bring up a VPN tunnel. Here are the error
messages I got:

On the Edge Box:
VPN Tunnel with 192.168.1.2 no respons from peer

On SmartView Tracker:
IKE: Main Mode Sent Notification to Peer: invalid id
VPN-1 Edge: failed to establish VPN Tunnel with gateway

While sniffing, I saw that the Edge Box is trying to set up the tunnel. I
see some IKE messages from the Edge Box to the Firewall, but the Firewall is
not answering. Strange is also the Edge Box message which says "VPN Tunnel
with 192.168.1.2...", which is the IP address of the management.

Is there a way that I can tell the Firewall that it should also do IKE on
the internal interface? Is it actually possible to do a VPN from the
internal network? Any suggestions?

Thanks for your comments
Nik
