Hi,
1) Yes, it is possible to create a VPN based only on gateway certificates;
you will need to create the certificate for both firewalls and install
it on the other firewall. BTW - it is easier to define it through
Traditional Mode.
2) There shouldn't be any problem, if it can connect with clear text -
it has a TCP/IP connection. Check your configuration when you are trying
to use encrypted connections.
-----Original Message-----
From: fwlst [mailto:fw1lst AT NETSCAPE DOT NET]
Sent: Thursday, June 26, 2003 4:11 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
I'm trying to define a site-to-site VPN between 2 Checkpoint NG FP3
boxes.
A couple of general questions...
1. Is it possible to have a site-to-site VPN based only on gateway
certificates without defining a preshared secret?
2. First gateway has public IP as primary, second has private IP as
primary, VPN connection should go over the private leased line. When I
create an encrypt rule there is no traffic appearing on the firewall that
hits that rule, tcpdump on Nokia shows no traffic at all, the moment I
disable that rule and allow cleartext communications everything works
fine.
Could it be the problem that one gateway has public IP as primary and
the second has private as primary?
Thanks.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================