Looks like routing is correct if you can SSH to it. On the fw at siteB,
do a "cpstop" then do a "cpstart cpshared" to start just the SVN. Try
the SIC. If it doesn't work, recreate and reinitialize the SIC. While
you're SSH'd into the siteB fw, do a tcpdump on the interface to check
the traffic. You didn't say if your mgmt was on another subnet or not,
make sure the firewall knows how to get to the mgmt server and vice
versa. Check any logging you have available.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of David
Walker
Sent: Friday, August 20, 2004 10:35 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1]
Group,
I'm having issues getting my CP management server talking to a firewall
located behind a firewall.
(SiteA)ManagementServer->FirewallA->Internet->(SiteB)FirewallB->Firewall
C
I have a site to site vpn up between FirewallA & B.
Before I moved FirewallC to its remote location, I configured locally on
my LAN and had it working fine. It has kept the same IP scheme and I
have corrected the routing to point to it at its remote site.
When I do an fw unloadlocal on the firewallC, I can SSH to it from my
desktop at site A. But, I cannot established SIC between the management
server and the firewallC. I've tried reinitializing, but with no luck
either.
Anyone have any insight or suggestions for me? I'm stumped.
Thanks,
David
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
