I am having an issue with a Manual IPSEC between two firewall-1 boxes. Both
are NT, one is 4.0 SP7 the other is 4.1 SP2.
The encryption works, but it seems like it needs to be primed. If I
initiate a connection (ping, nbtstat, web browsing, etc) from only one side,
it will be encrypted outbound, but there will be no response. This is the
same no matter which network I initiate the connection from. However if I
initiate a connection from both sides the encryption kicks in and works just
fine even if everything else is initiated from only one network. The next
day it will need to be primed from both sides again even though the firewall
was not reset and no security policy changes were made.
My rulebase looks like this:
my internal network - other internal network - any - encrypt
other internal network - my internal network - any - encrypt
If I combined these 2 rules into 1 would it solve the problem?
I was initially trying to set up IKE or ISAKMP between the two, but this
seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0
won't do entire subnets with IKE yet.
Any suggestions would be greatly appreciated.
Thanks,
Rick
_______________________________________
Rick Camp
Welsh Consulting, Inc.
31 Milk Street, Suite 805
Boston, MA 02109
617-695-9800 Tel
617-695-0350 Fax
[EMAIL PROTECTED]
www.welsh.com