Hello again, thank you for the hint.

IKE is allowed
NAT-T is not needed
ESP is done by the implied rule

I'll test the excluded service in my test environment and report about the results

Kind Regards
Burkhard

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On behalf of Reinhard Stich
Sent: Thursday, 8 May 2008 08:47
To: [email protected]
Subject: Re: [FW-1] VPN + IKE

hi,

do you see drops between your firewall and the remote vpn gateway?

what you can check
- ike allowed?
- nat-t needed?
- ESP allowed?

in your VPN community - please define the group "IPsec" as excluded services

br
reinhard

At 08:28 08.05.2008, you wrote:
>Hello Friends,
>
>I tried to implement a VPN connect using explicitly defined Firewall
>Rules.
>
>Ok, the fw1 establishes an implied rule containing the ESP packets
>
>But defining the necessary IKE rule explicitly
>failed. On the other hand activating the implied
>rule containing an equivalent IKE rule works.
>
>Any idea what the difference between the
>implied IKE rule and an explicitly defined rule is?
>
>Regards
>Burkhard
>
>Burkhard Trinder
>Security Design
>
>HVB Information Systems Gmbh
>Member of UniCredit Group
>
>Am Tucherpark 12
>D-80538 Muenchen
>
>Tel.: +49-89/378-24286
>Fax.: +49-89/378-33-24286
>EMail: [EMAIL PROTECTED]
>
>Management: Gabriele Ruf, Klaus Rausch
>Chairman Supervisory Board: Matthias Sohler
>Legal form: GmbH, registered office: München,
>register court: local court München HR B 93804, tax number 143/102/30007
>
>Scanned by Check Point Total Security Gateway.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================

--
Reinhard Stich [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE
Fax: +43 1 3709440-333
