ah good question, how would the other side initiate the vpn if this connections is made from our end, we send the interesting traffic? The rules allow only one way for services, IKE UDP 500, ipsec, esp is all open both ways between the firewalls
________________________________ From: pkc mls <[email protected]> To: [email protected] Sent: Wed, 13 July, 2011 18:28:07 Subject: Re: [FW-1] Checkpoint vpn interface set up Le 13/07/2011 18:47, Peter Addy a écrit : >> Thanks, all interfaces have no anti spoofing and yup we have routes that >> point >>the target ips to the router hop which leads out, and I have another >>question, >>if IKE udp 500 fails in our logs with no valid SA with another VPN my >>question >>is would the other party still this ike udp 500 on their side, reason I ask >>is >>that I am told the other side don't see anything incoming to them, we see >>this >>ike leaving our firewall via the vrrrp address? what happens if the remote part initiates the vpn ? do you see the incoming ike on the firewall ? Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
