Thanks Michael and Mark, you guys were right on the money. Specifying all
the interfaces on the remote gateway solved the problem.
Kamran
-----Original Message-----
From: Michael Liberte [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 26, 2001 4:49 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [FW1] Firewall to Firewall VPN
Try defining the FW1 object as a gateway and having all the interfaces
defined correctly on the FW2 management station. Maybe FW2 receives the packet
that originates from the incorrect IP and rejects it.
Check to see if the shared secret matches on both firewalls.
Cheers,
Michael.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 26, 2001 4:25 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Firewall to Firewall VPN
I am trying to implement a VPN between two CP2000 firewalls but cannot get the
peer to respond.
Both firewall modules are on Nokia 650s, and the management console for each
is on Windows NT.
Here is the scenario:
Net1-------------FW1---------Router1--------Router2---------FW2----------Net2
                  |
                  |
                  |
                 Net3
I am trying to implement a VPN between Net1 and Net2. The workstation
properties IP address, hostname and licence of FW1 face Net3. The
workstation properties IP address, hostname and licence of FW2 face
Router2.
I have configured the VPN tab on both management consoles with
IKE, DES, MD5 and a shared secret. The encryption domain on FW1 is Net1 and on
FW2 is Net2. I have also created separate rules for both incoming and outgoing
traffic.
Before configuring the VPN properties I had made sure that I have full
connectivity between Net1 and Net2.
When I do a ping from Net1 to Net2 I see the following in the Info field of
the FW log:
Action        Info
Key Install   IKE Log: Received Notification From Peer: Invalid id information
Drop          encryption failure: no response from peer: scheme IKE
Could the problem be the FW1 IP being on Net3 rather than on the interface
facing Router1? If that is the case, how would you implement multiple VPNs? Do
I need some kind of nasty NAT?
When I run tcpdump on the FW1 interface facing Router1 I see UDP packets on
port 500 between this interface and FW2's interface facing Router2.
Thank you for your time and any help would be much appreciated.
Kamran
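As an added example (not code from the thread, from Check Point, or from either poster), here is a small Python model of the responder-side identity check that Michael's reply describes and that Kamran's final message confirms was the problem: if the FW1 object on FW2's management station knows only FW1's main (Net3-facing) address, an IKE request that arrives from FW1's Router1-facing interface is answered with INVALID-ID-INFORMATION and the initiator logs "no response from peer". The addresses, the object definitions and the request contents are constructed assumptions chosen to match the drawn topology; only the log text is taken from the thread.

```python
# Added example: model of the responder-side IKE Phase 1 identity check
# discussed in the thread. Not Check Point code; all addresses and object
# definitions below are constructed to match the Net1/Net3/Router1 drawing.
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Log text quoted from Kamran's FW-1 log excerpt.
INVALID_ID = "IKE Log: Received Notification From Peer: Invalid id information"
KEY_INSTALL = "Key Install"


@dataclass
class GatewayObject:
    """A peer gateway object as defined on the other side's management station."""
    name: str
    main_ip: str                                        # 'workstation properties' address
    interfaces: Set[str] = field(default_factory=set)   # Interfaces tab; empty = not filled in
    shared_secret: str = ""

    def known_addresses(self) -> Set[str]:
        # With no interfaces defined, the only address the responder
        # associates with this peer is its main IP.
        return {self.main_ip} | self.interfaces


@dataclass
class Phase1Request:
    """What the responder sees of an incoming main-mode exchange (simplified)."""
    src_ip: str         # outer IP source: the egress interface facing the router
    identity: str       # ID_IPV4_ADDR payload sent by the initiator
    shared_secret: str  # PSK the initiator authenticated with (toy stand-in for the hash)


def responder_check(peer: GatewayObject, req: Phase1Request) -> Tuple[bool, str]:
    """Accept or reject a Phase 1 request attributed to `peer`.

    Mirrors Michael's explanation: a packet that comes from, or identifies as,
    an address the responder does not know as an interface of the peer object
    is rejected with INVALID-ID-INFORMATION, so the initiator never gets an SA.
    """
    known = peer.known_addresses()
    if req.src_ip not in known:
        return False, f"{INVALID_ID} (source {req.src_ip} not defined on object {peer.name})"
    if req.identity not in known:
        return False, f"{INVALID_ID} (ID {req.identity} not defined on object {peer.name})"
    if req.shared_secret != peer.shared_secret:
        return False, "authentication failed: shared secret mismatch"
    return True, KEY_INSTALL


def run_scenario() -> Dict[str, Tuple[bool, str]]:
    """FW1's request as seen by FW2, before and after FW2's admin defines all of
    FW1's interfaces. Addresses are constructed for the example."""
    fw1_net3_ip = "10.3.0.1"       # FW1's main IP faces Net3, as in the thread
    fw1_router1_ip = "192.0.2.1"   # FW1's interface toward Router1 (assumed)
    fw1_net1_ip = "10.1.0.1"       # FW1's interface toward Net1 (assumed)
    psk = "example-shared-secret"

    # FW1 leaves through the interface facing Router1, so the UDP/500 packet
    # FW2 receives carries that address, as Kamran's tcpdump showed.
    request = Phase1Request(src_ip=fw1_router1_ip, identity=fw1_router1_ip,
                            shared_secret=psk)

    # Before: FW1 object on FW2's management station with only the main IP.
    fw1_before = GatewayObject("FW1", main_ip=fw1_net3_ip, shared_secret=psk)
    # After: the same object with every interface entered (the fix that worked).
    all_ifaces = {fw1_net3_ip, fw1_router1_ip, fw1_net1_ip}
    fw1_after = GatewayObject("FW1", main_ip=fw1_net3_ip,
                              interfaces=all_ifaces, shared_secret=psk)
    # Michael's second check: a mistyped secret still fails with correct interfaces.
    fw1_bad_psk = GatewayObject("FW1", main_ip=fw1_net3_ip,
                                interfaces=all_ifaces, shared_secret="typo")

    return {
        "before": responder_check(fw1_before, request),
        "after": responder_check(fw1_after, request),
        "bad_psk": responder_check(fw1_bad_psk, request),
    }


if __name__ == "__main__":
    for label, (ok, info) in run_scenario().items():
        print(f"{label:8} {'accept' if ok else 'drop  '} {info}")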
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================