One additional item: the firewalls are not managed by the same management
stations.  So this is basically an extranet configuration.

Thanks again

Rick

_______________________________________
Rick Camp
Welsh Consulting, Inc. 
31 Milk Street, Suite 805 
Boston, MA 02109 
617-695-9800 Tel 
617-695-0350 Fax 
[EMAIL PROTECTED] 
www.welsh.com

>  -----Original Message-----
> From:         Rick Camp  
> Sent: Friday, October 27, 2000 2:51 PM
> To:   '[EMAIL PROTECTED]'
> Subject:      Manual IPSEC question
> 
> I am having an issue with a Manual IPSEC between two FireWall-1 boxes.
> Both are NT; one is 4.0 SP7, the other is 4.1 SP2.  
> 
> The encryption works, but it seems like it needs to be primed.  If I
> initiate a connection (ping, nbtstat, web browsing, etc.) from only one
> side, it will be encrypted outbound, but there will be no response.  This
> is the same no matter which network I initiate the connection from.
> However if I initiate a connection from both sides the encryption kicks in
> and works just fine even if everything else is initiated from only one
> network.  The next day it will need to be primed from both sides again
> even though the firewall was not reset and no security policy changes were
> made.
> 
> My rulebase looks like this:
> 
> my internal network - other internal network - any - encrypt
> other internal network - my internal network - any - encrypt
> 
> If I combined these 2 rules into 1 would it solve the problem?
> 
> I was initially trying to set up IKE or ISAKMP between the two, but this
> seemed too complicated until the 4.0 box was upgraded to 4.1 because 4.0
> won't do entire subnets with IKE yet.
> 
> Any suggestions would be greatly appreciated.
> 
> Thanks,
> 
> Rick

