-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
For these types of VPN's you probably want to add two Translation
rules that disable NAT for connections through the VPN tunnel. The
two rules are:
MyNet - PartnerNet - Any - Original - Original - Any
PartnerNet - MyNet - Any - Original - Original - Any
Make sure you set routes in your network that directs traffic aimed
at the PartnerNet to your firewall.
Regards,
Frank
> -----Original Message-----
> From: Vaughan, Jeff [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 04, 2000 10:53 AM
>
> We are running that exact scenerio with one of our partners.
> Check that
> both firealls have the exact same encryption settings, also
> make sure that
> you include both the valid and invalid IPs in your encryption
> domain. You
> only need the valid IPs for your partner's network.
>
> -----Original Message-----
> From: Darryl Bowler [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 04, 2000 10:22 AM
>
> anyone had luck running a VPN between 2 checkpoint FWs which
> have NATed lans
> with private address ranges behind them ?
> Using IKE.
>
> When I configure NAT (auto hide) I get the following errors
> icmp-type 0 icmp-code 0 encryption failure: Packet is not
> IPSEC scheme: IKE
>
> Without NAT, it works fine.
>
>
> Regards Darryl
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.
iQA/AwUBOdv3z0RKym0LjhFcEQL5RQCfeDNjlS56DeNviIl9DejXZiVnVZQAnjMH
Txz4sFlMHP4kgUBna3e17/u5
=yGCk
-----END PGP SIGNATURE-----
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
