I meant that at both end points, the encryption domains should be
exactly the same. It is possible for you to have the encryption domain
in your Check Point Gateway defined as a group of networks. In such a
case, you must do so in the Cisco Concentrator: all of the networks!
In my case I had many VPN tunnels in a Check Point firewall, so the
encryption domain was constituted by three networks. The Cisco
Concentrator only needed to access one of the networks. Originally, I
set only that network as the Check Point encryption domain in the Cisco,
and the VPN didn't work. Then I tried configuring the three networks in
the Concentrator, and it worked that way.

On Thu, 2003-05-29 at 21:53, Mohan Mysore wrote:
> Leonardo
> Thanks for your mail. The config we have is
> 10.88.0.0/24 {Local encryption domain} and 10.20.0.0/24 {Remote encryption
> domain}. Not sure what you mean by
> I also found problems with the source and destination objects that you
> place on the rules of the Check Point Gateway.
>
>
> Thanks
> Mohan Mysore
> Insure IT Services
> Tel Ph: 612-97017086 Fax: 612-9701 7501
> Mobile: 0409 073853
> Email: mohan.mysore AT qbe DOT com
> Web: www.qbe.com
>
> Leonardo Boulton <lboulton@CYBERTECHPROJECTS.COM>
> 29/05/2003 09:59 PM
> Please respond to Mailing list for discussion of Firewall-1
>
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> cc: (bcc: Mohan Mysore/NSW/IITS/Insurance)
> Subject: Re: [FW-1] Query: VPN between CP NG FP3 and Cisco 3000 concentrator
>
> Mohan,
>
> I had the same problem and it took me a lot to find out what was
> happening. I found that the VPN Concentrator drops packets that come
> from networks that are not defined as part of its encryption domain or
> vice versa. In other words, make sure that the entire encryption domain
> of the VPN Concentrator is configured on the Check Point Objects, AND
> that the exact Check Point Encryption Domain is configured on the VPN
> Concentrator. Both domains must match exactly.
>
> I also found problems with the source and destination objects that you
> place on the rules of the Check Point Gateway.
>
> Hope this helps,
>
> L.
>
> On Wed, 2003-05-28 at 23:56, Mohan Mysore wrote:
> > Hi All
> > I am having issues setting up a VPN between a CP NG FP3 HF2 firewall
> > running on a Nokia IP350 platform and a Cisco VPN concentrator 3000
> > series running v 3.65R.
> > The issue being we are unable to successfully setup a tunnel between the 2
> > devices for IKE 3DES MD5 encryption using pre-shared secrets.
> > All that is displayed on the log is the initial Key exchange traffic for
> > Phase 1 and no success with the Phase 2 if the key exchange is initiated
> > from the CP end. But if the exchange is from the Cisco end the Key
> > exchange is successful and we can see some encrypt traffic on the CP end
> > but the other end does not see any traffic coming in. It is the same for
> > the decrypt traffic coming from the Cisco to the CP. Any help is
> > appreciated on the issues...
> > Thanks
> > Mohan Mysore
> > Insure IT Services
> > Tel Ph: 612-97017086 Fax: 612-9701 7501
> > Mobile: 0409 073853
> > Email: mohan.mysore AT qbe DOT com
> > Web: www.qbe.com
> >
> >
> >
> > ________________________________________________________________________
> > IMPORTANT NOTICE : The information in this email is confidential and may
> > also be privileged. If you are not the intended recipient, any use or
> > dissemination of the information and any disclosure or copying of this
> > email is unauthorised and strictly prohibited. If you have received this
> > email in error, please promptly inform us by reply email or telephone. You
> > should also delete this email and destroy any hard copies produced.
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner AT ts.checkpoint DOT com
> > =================================================
> >
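
The exact-match requirement discussed in this thread, as an added example that is not part of the original messages: a small Python check that compares the encryption domains configured on each peer and lists every network present on one side only. Apart from 10.88.0.0/24 and 10.20.0.0/24, the networks, the dictionary layout and the function names are constructed for illustration.

```python
import ipaddress

def as_networks(cidrs):
    """Parse CIDR strings into a set; strict=True rejects entries with host bits set."""
    return {ipaddress.ip_network(c, strict=True) for c in cidrs}

def diff_domain(label, side_a, nets_a, side_b, nets_b):
    """List networks that one peer has in this encryption domain and the other lacks."""
    a, b = as_networks(nets_a), as_networks(nets_b)
    issues = [f"{label}: {n} defined on {side_a} but not on {side_b}"
              for n in sorted(a - b)]
    issues += [f"{label}: {n} defined on {side_b} but not on {side_a}"
               for n in sorted(b - a)]
    return issues

def check_tunnel(checkpoint, concentrator):
    """Compare both encryption domains as each peer has them configured.

    Networks are compared exactly as written (no summarising into supernets),
    because the requirement stated in the thread is an exact match on both ends.
    """
    return (
        diff_domain("Check Point domain", "Check Point", checkpoint["local"],
                    "Concentrator", concentrator["remote"])
        + diff_domain("Concentrator domain", "Concentrator", concentrator["local"],
                      "Check Point", checkpoint["remote"])
    )

# Constructed sample configurations (hypothetical layout, not a vendor export).
# The Check Point domain is a group of three networks; only 10.88.0.0/24 and
# 10.20.0.0/24 appear in the thread, the other two are made up.
CHECKPOINT = {"local": ["10.88.0.0/24", "10.88.1.0/24", "10.88.2.0/24"],
              "remote": ["10.20.0.0/24"]}
# First attempt: the Concentrator lists only the one network it needs to reach.
CONCENTRATOR_PARTIAL = {"local": ["10.20.0.0/24"], "remote": ["10.88.0.0/24"]}
# Working setup: the Concentrator lists the whole Check Point domain.
CONCENTRATOR_FULL = {"local": ["10.20.0.0/24"], "remote": list(CHECKPOINT["local"])}

if __name__ == "__main__":
    for name, cfg in (("partial", CONCENTRATOR_PARTIAL), ("full", CONCENTRATOR_FULL)):
        issues = check_tunnel(CHECKPOINT, cfg)
        print(name, "-> OK" if not issues else "-> MISMATCH")
        for issue in issues:
            print("   ", issue)
```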