I have seen strange activity (i.e. FW1 behave
incorrectly) when an "Any" rule is before an
encryption rule.
I doubt that your problem was like mine, but try
putting all your encryption rules at the top of your
rulebase.
HTH -- Chris
--- Dan Guinn <[EMAIL PROTECTED]> wrote:
>
>
> Interesting...do you have a rule before this that
> blocks/filters HTTP, or do
> you have a NAT rule for either of these networks?
>
> If you have a filter/block, move this rule before
> it.
> If you have a NAT, make sure to put both networks in
> a group, and add a NAT
> rule that looks like:
>
> VPNGroup-----VPNGroup-----Original
>
> Dan Guinn
>
> -----Original Message-----
> From: Martin Flagg
> [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 9:34 AM
> To: 'Dan Guinn'
> Subject: RE: [FW1] VPN and Http
>
>
> Its the first Rule,
>
>
LanNet1-----LanNet1------any-------Encyrpt----LogLong
> LanNet2-----LanNet2
>
> I also have tried specifically defining HTTP with no
> luck.
>
> Martin D. Flagg
>
> -----Original Message-----
> From: Dan Guinn [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 9:07 AM
> To: 'Martin Flagg';
> '[EMAIL PROTECTED]'
> Subject: RE: [FW1] VPN and Http
>
>
>
> What does your rule look like? Are you allowing
> HTTP?
>
> -----Original Message-----
> From: Martin Flagg
> [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 23, 2001 4:57 PM
> To: '[EMAIL PROTECTED]'
> Subject: [FW1] VPN and Http
>
>
>
> I have two sights conencted via VPN using NAT thru
> the Internet. I am able
> to telnet/Citrix back and forth. However when I
> type a private address
> of the Network1 web browser while I am on Network2
> the packet flows thru and
> is dropped by the cleanup rule.
>
> Thanks
>
>
>
> Martin D. Flagg
> Sr. Systems Engineer
> Business Smarts, Inc.
> [EMAIL PROTECTED]
>
>
>
>
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
================================================================================
> To unsubscribe from this mailing list, please
> see the instructions at
>
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
