>>> On 11/7/2006 at 3:19 PM, Hugo van der Kooij <[EMAIL PROTECTED]> wrote: > On Tue, 7 Nov 2006, cisco4ng wrote: > >> I don't have any IPv6 traffics on my network. I don't know where this comes > from. >> By the way, I do not have any drops between FWB with Cisco devices, only > when >> FWA is an NG AI or NG FP3 firewall. > > Try google and see what you find when you search for "ipv6-crypt".
Translation: On a Linux system, check /etc/protocols. See what it calls protocol 50. (IPv4 and IPv6 share the same protocol numbering space.) > I think you need to work out a MTU issue between these firewalls on your > ESP traffic. You may want to use IKE instead of ESP. This I do not understand. "IKE instead of ESP?" IKE is, as the name implies, a protocol for exchanging keying material. ESP is for actually transfering encrypted data. IPsec may use IKE to establish SAs for ESP, and ESP to transport the data between peers, but it cannot use IKE to transport data. BĀ¼information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
