Firewall-1

Re: [FW-1] Site-to-site VPN

Subject: Re: [FW-1] Site-to-site VPN
From: fwlst <fw1lst AT NETSCAPE DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 26 Jun 2003 11:31:47 -0400
Correct me if I'm wrong.....When VPN tunnel is established then it should
encapsulate packets, encapsulation is done 'on behalf' of primary IP
address defined in the firewall object, which is Public IP, if
encapsulation is done within Public IP then the packet will never go
over the private leased line....it will go to the internet and will
disappear because connection between firewalls should be done over the
private lines and not over the internet.....that's my guess

Do you speak Hebrew, my friend?

eyal AT TERA-CHIP DOT COM wrote:

Hi,

1) Yes, it is possible to create VPN based only on gateway certificates,
you will need to create the certificate for both firewalls and install
it on the other firewall. BTW - it is easier defining it through
Traditional Mode.

2) There shouldn't be any problem, if it can connect with clear text -
it has a TCP/IP connection. Check your configuration when you are trying
to use encrypted connections.

-----Original Message-----
From: fwlst [mailto:fw1lst AT NETSCAPE DOT NET]
Sent: Thursday, June 26, 2003 4:11 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM

I'm trying to define site-to-site VPN in between 2 Checkpoint NG FP3
boxes.
A couple of general questions......
1. Is it possible to have a site-to-site VPN based only on gateway
certificates without defining a preshared secret?
2. First gateway has public IP as primary, second has private IP as
primary, VPN connection should go over the private leased line. When I
create encrypt rule there is no traffic appearing on the firewall that
hits that rule, tcpdump on Nokia shows no traffic at all, the moment I
disable that rule and allow cleartext communications everything works
fine.
Could it be the problem that one gateway has public IP as primary and
second has private as primary?
Thanks.
--
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
