Leonardo
Thanks for ur mail. The config we have is
10.88.0.0/24{Local Encryption domain} and 10.20.0.0/24 {Remote encryption
domain} Not sure what you mean by
I also found problems with the source and destination objects that you
place on the rules of the Check Point Gateway.
Thanks
Mohan Mysore
Insure IT Services
Tel Ph: 612-97017086 Fax: 612-9701 7501
Mobile: 0409 073853
Email: mohan.mysore AT qbe DOT com
Web: www.qbe.com
Leonardo Boulton
<lboulton@CYBERTECHPRO To: FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM
JECTS.COM> cc: (bcc: Mohan
Mysore/NSW/IITS/Insurance)
Subject: Re: [FW-1] Query:
VPN between CP NG
29/05/2003 09:59 PM FP3 and Cisco 3000
concentrator
Please respond to
Mailing list for
discussion of
Firewall-1
Mohan,
I had the same problem and it took me a lot to find out what was
happening. I found that the VPN Concentrator drops packets that come
from networks that are not defined as part of his encryption domain or
viceversa. In other words, make sure that the entire encryption domain
of the VPN Concentrator is configured on the Check Point Objects, AND
that the exact Check Point Encryption Domain is configured on the VPN
Concentrator. Both domains must match exactly.
I also found problems with the source and destination objects that you
place on the rules of the Check Point Gateway.
Hope this helps,
L.
On Wed, 2003-05-28 at 23:56, Mohan Mysore wrote:
> Hi All
> I am having issues setting up a VPN between a CP NG FP3 HF2 firewall
> running on a Nokia IP350 platfrom and a Cisco VPN concentrator 3000
series
> running v 3.65R.
> The issue being we are unable to succesfully setup a tunnel between the 2
> devices for
> IKE 3DES MD5 encryption using pre-shared secrets .
> All that is displayed on the log is the initial Key exchange traffic for
> Phase 1and no successs with the Phase 2 if the key exchange is initiated
> from the CP end. But if the Xchange is from the Cisco end the Key
exchange
> is successful and we can see some ecnrypt traffic on the CP end but the
> other end does not see any traffic coming in. It is the same for the
> decrypt traffic coming from the Cisco to the CP . Any help is appreciated
> on the issues...
> Thanks
> Mohan Mysore
> Insure IT Services
> Tel Ph: 612-97017086 Fax: 612-9701 7501
> Mobile: 0409 073853
> Email: mohan.mysore AT qbe DOT com
> Web: www.qbe.com
>
>
>
> ________________________________________________________________________
> IMPORTANT NOTICE : The information in this email is confidential and may
also be privileged. If you are not the intended recipient, any use or
dissemination of the information and any disclosure or copying of this
email is unauthorised and strictly prohibited. If you have received this
email in error, please promptly inform us by reply email or telephone. You
should also delete this email and destroy any hard copies produced.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
________________________________________________________________________
IMPORTANT NOTICE : The information in this email is confidential and may also
be privileged. If you are not the intended recipient, any use or dissemination
of the information and any disclosure or copying of this email is unauthorised
and strictly prohibited. If you have received this email in error, please
promptly inform us by reply email or telephone. You should also delete this
email and destroy any hard copies produced.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
