Bintec VPN through Checkpoint FW1, ESP problem!

#0
18.11.2002, 14:03
...new here
Posts: 3

Can someone help me?
Two Bintecs are connected via Internet over Checkpoint FW1.
One Bintec is in a home office and the other in the DMZ of the FW1.
When we want to establish an IPsec tunnel, we can't send traffic through the tunnel.
The tunnels are there, but on the FW1 you can see ESP requests followed by ICMP Type 2 Code 3 (Protocol unreachable) messages.
When we use it without the FW1, there is no problem.
Is it a special bug in the FW1? I can't believe it.
In the rulebase we have opened service any for testing, but the same effect.
MTU size not relevant for testing with small packets.
Routing seems ok.

#2
18.11.2002, 22:21
Member
Posts: 18

Hello guido,
I hope I understood it correctly: Bintec A --- FW1 --- LAN | Bintec B
I hope you aren't using private IPs in your DMZ (see RFC1918), because FW1 isn't able to translate other services than TCP and UDP.
Please try the following rule:

SRC | DST | SERVICE | ACTION
---|---|---|---
Bintec A | Bintec B | ESP | ACCEPT
Bintec B | Bintec A | ESP | ACCEPT

Put this rule at the first place of the Security Policy, and make sure no Address Translation Policy matches this connection.
I hope I could help you!
Regards, Simon
P.S. Which Checkpoint version are you using?
This post was edited by simon on 18.11.2002 at 22:22.

20.11.2002, 11:39
...new here
Thread starter, Posts: 3

#4
21.11.2002, 18:56
Member
Posts: 11

Hi Guido,
here try: www.phoneboy.com, he has established quite a FAQ on CP FW-1.
Anyway, why did you post your question in English? (no question if you're a native speaker...)

Please sign here
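The symptom in the opening post (ESP packets answered with ICMP protocol unreachable) and Simon's remark that FW-1 can only translate TCP and UDP, so an RFC1918 ESP endpoint behind NAT cannot work, can be checked mechanically from a firewall log. The script below is an added example written for this thread; it is not code from the forum, from Bintec or from Check Point. Its log format, the addresses (203.0.113.10 as the home-office Bintec, 198.51.100.20 as the DMZ Bintec, 198.51.100.1 as the firewall, 10.0.0.5 as a hypothetical private DMZ endpoint) and the `hint` texts are all constructed for the example. It matches ICMP type 3 code 2, which is the protocol-unreachable message of RFC 792.

```python
"""Added diagnostic example (not from the thread, Bintec or Check Point):
pair ESP packets with the ICMP protocol-unreachable errors sent back to
their source, and flag endpoints in RFC1918 space that would need NAT."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ESP, ICMP = 50, 1            # IP protocol numbers
PROTO_UNREACHABLE = (3, 2)   # ICMP destination unreachable, code 2 (RFC 792)

# RFC1918 blocks, checked explicitly: ipaddress.is_private would also return
# True for the TEST-NET documentation ranges used in the sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log; the format is invented for this example:
#   <seq> <src> <dst> <proto> [<icmp_type> <icmp_code> <quoted_original_dst>]
# Records 3-8 show the failure, records 9-10 show ESP flowing both ways.
SAMPLE_LOG = """\
1 203.0.113.10 198.51.100.20 17
2 198.51.100.20 203.0.113.10 17
3 203.0.113.10 198.51.100.20 50
4 198.51.100.1 203.0.113.10 1 3 2 198.51.100.20
5 203.0.113.10 198.51.100.20 50
6 198.51.100.1 203.0.113.10 1 3 2 198.51.100.20
7 203.0.113.10 10.0.0.5 50
8 198.51.100.1 203.0.113.10 1 3 2 10.0.0.5
9 203.0.113.10 198.51.100.20 50
10 198.51.100.20 203.0.113.10 50
"""


@dataclass
class Record:
    seq: int
    src: str
    dst: str
    proto: int
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    orig_dst: Optional[str] = None  # inner-header dst quoted in the ICMP error


def parse_log(text: str) -> List[Record]:
    """Parse the constructed log format; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4:
            continue
        rec = Record(int(f[0]), f[1], f[2], int(f[3]))
        if rec.proto == ICMP and len(f) >= 7:
            rec.icmp_type, rec.icmp_code, rec.orig_dst = int(f[4]), int(f[5]), f[6]
        records.append(rec)
    return records


def is_proto_unreachable(rec: Record) -> bool:
    return rec.proto == ICMP and (rec.icmp_type, rec.icmp_code) == PROTO_UNREACHABLE


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_esp_rejections(records: List[Record], window: int = 2) -> List[Tuple[int, int, str, str]]:
    """For each ESP packet, look at the next `window` records for a
    protocol-unreachable sent to the ESP source that quotes the ESP destination.
    Returns (esp_seq, icmp_seq, src, dst) per rejected ESP packet."""
    findings = []
    for i, esp in enumerate(records):
        if esp.proto != ESP:
            continue
        for icmp in records[i + 1:i + 1 + window]:
            if is_proto_unreachable(icmp) and icmp.dst == esp.src and icmp.orig_dst == esp.dst:
                findings.append((esp.seq, icmp.seq, esp.src, esp.dst))
                break
    return findings


def diagnose(text: str) -> List[Dict]:
    """Attach a hint to each rejection, following the advice given in the thread."""
    report = []
    for esp_seq, icmp_seq, src, dst in find_esp_rejections(parse_log(text)):
        private = is_rfc1918(src) or is_rfc1918(dst)
        hint = ("endpoint is RFC1918 and would need NAT, which FW-1 cannot do for ESP"
                if private else
                "add an ESP ACCEPT rule in both directions ahead of other rules and NAT")
        report.append({"esp_seq": esp_seq, "icmp_seq": icmp_seq, "src": src,
                       "dst": dst, "rfc1918_endpoint": private, "hint": hint})
    return report


if __name__ == "__main__":
    for entry in diagnose(SAMPLE_LOG):
        print(entry)
```

Run as-is, the script reports three rejected ESP packets (records 3, 5 and 7); the third one has a private destination and gets the NAT hint, while records 9 and 10 produce nothing because the ESP exchange completes in both directions.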