Greetings, I have been struggling to get a VPN working between a Nokia 120 and a Solaris based Firewall-1 server. At this point if I perform a telnet from the remote network through the VPN to the local network it works fine, and I can see the key exchange and encrypted packets between the firewalls (with tcpdump and snoop) and the unencrypted packets on the inside interfaces of both firewalls. If however I try to telnet in the other direction (from the local network to the remote network) I see the key exchange and the local firewall (Solaris) sending the encrypted packets, but never a response. When tcpdumping the inside interface on the remote network (Nokia 120) while the encrypted packets are being sent, nothing shows. So it would appear that the Nokia is dropping the packets, but only when traffic is initiated in one direction.
In the policy editor I basically have two rules to implement this VPN - one rule that passes UDP 500 for the key exchange (with the Sun and Nokia listed as both source and destination), and another that has action "encrypt" (with the local and remote networks as both source and destination). Both rules are installed on both gateways. An additional problem with this new Nokia 120 unit is the logging. I seem to be missing most of the log entries. They seem to come sporadically. I would really love to see a "drop" log entry that will point me to the problem, but at the moment I don't believe I am actually getting all of the log. I noticed fw.log in the logs directory, but appears to be binary and unreadable. Can anyone point me to a text based log file that might show me what I need? I am pretty disgusted and frustrated with the whole GUI interface... TIA, Jeff LaCoursiere Infrastructure Specialist T-Motion ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
