The only thing I can think of is that you need to have your NAT address in your
crypto domain on NG.
I.e. your crypto rules must have the NAT address in the rule to accept
the traffic.
Packets seem to be NAT'ed before they enter the crypto rule.
This wasn't necessary on 4.1 ....
____________________________________________________
Best regards
Lars Schmidt-Petersen Tel. : +45 74 33 53 42
Sønderjyllands Amt - edb-kontoret e-mail : LSP AT SJA DOT DK
Skelbækvej 2
6200 Aabenraa
____________________________________________________
Rainer_Freis AT SANTIX DOT DE
Sent by: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
26-09-2003 12:39
Please reply to Mailing list for discussion of Firewall-1
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc: (bcc: Lars Schmidt-Petersen/ØkAfd/SjA)
Subject: [FW-1] VPN between two firewalls
Hello,
we have two offices both with NG FP3 firewalls. We want to use encrypted
connections between the two offices. I created interoperable devices on
both offices with the same secret.
Office A has official IP addresses, office B uses NAT.
I created rules on both offices that incoming and outgoing connections
between both firewalls shall be encrypted.
From office A I can reach (telnet, ping) machines in office B (with 1:1
NAT) but from office B I can't communicate with office A (no telnet, no
ping). Normal connections (rules without encryption) work in both
directions.
Any idea what I did wrong? Does anyone have good documentation about
encryption and NAT?
regards
Rainer
--
Rainer Freis Leiter
Systemadministration
santix AG Weihenstephaner Str. 4
D-85716 Unterschleissheim
Phone: (+49) 89 321506-24 Fax : (+49) 89 321506-99
You don't know what real time-critical software is until you're
responsible for the paychecks of a battalion of heavily armed
Marines. (somebody in alt.sysadmin.recovery)
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
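
A simplified model of the behaviour described in the reply above, added here as an example (it is not from the thread and is not Check Point code): if the source address is translated before the encrypt rule is matched, a rule that lists only office B's internal network never matches B-to-A traffic. All addresses, object lists and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: office B hosts with 1:1 (static) NAT, office A public net.
STATIC_NAT_B = {"10.0.2.10": "203.0.113.10", "10.0.2.11": "203.0.113.11"}
OFFICE_A_NETS = ["198.51.100.0/24"]
RULE_SRC_PRIVATE_ONLY = ["10.0.2.0/24"]
RULE_SRC_WITH_NAT = ["10.0.2.0/24", "203.0.113.10/32", "203.0.113.11/32"]


def in_any(addr, nets):
    """True if addr falls inside at least one of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def rule_matches(src, dst, rule_src, rule_dst, nat_before_rule, nat=STATIC_NAT_B):
    """Does the encrypt rule match a packet leaving office B's gateway?

    nat_before_rule=True models the order the reply reports for NG;
    False models the 4.1 behaviour the reply contrasts it with.
    """
    if nat_before_rule:
        src = nat.get(src, src)  # rule sees the translated source
    return in_any(src, rule_src) and in_any(dst, rule_dst)


def uncovered_hosts(static_nat, rule_src):
    """Internal hosts whose translated address is missing from the rule's source."""
    return sorted(h for h, pub in static_nat.items() if not in_any(pub, rule_src))


if __name__ == "__main__":
    pkt = ("10.0.2.10", "198.51.100.5")  # office B host -> office A host
    for label, src_objs in (("private only", RULE_SRC_PRIVATE_ONLY),
                            ("with NAT addresses", RULE_SRC_WITH_NAT)):
        hit = rule_matches(*pkt, src_objs, OFFICE_A_NETS, nat_before_rule=True)
        print(f"rule source {label}: encrypt rule matches = {hit}, "
              f"uncovered = {uncovered_hosts(STATIC_NAT_B, src_objs)}")
```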