Firewall-1

[FW-1] Site to Site VPN preshared secrets btwn Checkpoint and Raptor

Subject: [FW-1] Site to Site VPN preshared secrets btwn Checkpoint and Raptor
From: David Wellington <justneed2 AT GO4 DOT IT>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 27 Feb 2004 15:34:39 -0000
Hi All


We are looking to set up a preshared site to site tunnel between a
Symantec Firewall (Raptor) and Checkpoint NG FP3 running on Nokia
box. On the Checkpoint Side, we have created the checkpoint
Firewall object, an interoperable object for the Raptor
firewall, created VPN communities, enabled 3DES and the
encryption algorithm being optional between MD5 and SHA1. We are
using traditional mode, so we have specified the same level of
encryption within IKE mode properties on the Checkpoint
Properties.


Apart from the Firewall objects for both sites we have created
Subnet network objects for both sites, which, but from the
checkpoint side we have made the remote subnet a member of its
encryption domain, within interoperable properties for the Raptor
firewall, on topology we defined the internal and external
interface of the Raptor Firewall. And have manually defined
remote subnet.


We have rules from the checkpoint firewall - Raptor Firewall-
IPSEC - accept
Raptor Firewall - checkpoint Firewall - IPSEC -accept


We also have rules to and from both subnets allowing encrypted
traffic. On the encrypt properties
on the checkpoint Firewall rule base we have specified 3DES, MD5,
selected the raptor firewall as peer gateway, no compression.


Note we have quite a number of machines with static routing in
the encryption domain. I read this might be a problem getting
this VPN site to site working??


We have hide NAT from the checkpoint Side, hide all internal
network behind the checkpoint firewall, and so I have put in a
manual NAT rule from the
checkpoint side's subnet to the remote subnet - original - original
(to prevent NAT)


traffic does seem to go through at all


The question is: do we have to do static routing within Voyager,
do we have to add static routes to the cisco router etcetera?


Pls could anyone let me know why this isn't working and if
there's something I'm missing


Regards,


Ad


