Sounds simple.. I am sure.. maybe it is..
Here is the deal..
I have a number of firewalls that I need to create a VPN to from my firewall. I seem to have the VPN set up properly on my side of the connection because I see my connections being encrypted going to the remote firewalls. Yet, when they get to the remote end they are rejected. Even more interesting is I can, in a convoluted manner, get to these remote firewalls and log in and ssh back to my end and all is good and encrypted.
So I look at the logs, and I notice that when I try to reach a remote firewall, the keys are exchanged with FWX. Amazingly enough I can ssh to FWX perfectly fine from my network, encrypted and all.
The error I get with the others is.. neither the source nor the destination is within the encryption domain.
So, if my understanding is correct.. I need to exchange keys directly with the firewall in which I need to encrypt or it no workie.. But I don't know how to set the remote firewalls up so that they do not authenticate to FWX. Or at least I think that is what is happening.
Oh well, this is long enough..
If anyone can help it would be appreciated.
Thanks
John Kelley
Senior Security Analyst
Vigilinx
