Dear All,

I am trying to build a VPN with FireWall-1 4.1 with High Availability as shown below.

NOKIA IP440 x 2
IPSO 3.4.1-FCS10
FireWall-1 4.1 SP5a

Also, I am using both VPN and NAT on FireWall-1. The IP address (A.A.A.A = private IP address) on the internal network is static NATed to B.B.B.B (= public IP address), which communicates with C.C.C.C (= public IP address) on FireWall-1 on the other side.

After the VPN was established successfully, when I ping from A.A.A.A to C.C.C.C, I can see the log in FireWall-1 as shown below.

scheme: IKE methods: Combined ESP: 3DES + SHA1(phase2 completion) for hosts: B.B.B.B and C.C.C.C
scheme: IKE methods: Combined ESP: 3DES + SHA1(phase2 completion) for hosts: A.A.A.A and C.C.C.C

The log in the FireWall-1 on the other side shows the same.

After the VPN is established successfully, both endpoints communicate with each other using the NATed IP address (in this case, B.B.B.B), so I guess the key install for A.A.A.A (= private IP address) would not be required.

Is this key install the correct action for FireWall-1? Are there any ways to avoid the key install for A.A.A.A (= private IP address)?

Please advise.

Best regards,
Seigo Usui
