Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Checkpoint and Nortel contivity VPN

from Kevin_Butters [Permanent Link]
Subject: Re: [FW-1] Checkpoint and Nortel contivity VPN
From: Kevin_Butters AT MCAFEE DOT COM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 25 Aug 2004 05:46:31 -0700 
When you created your VPN rules, did you create rule(s) that allow both
sides of the tunnel to be source and destinations or did you create a
half-duplex rule that allows one side to be source only. What may be the
problem is that the remote side of the tunnel may be attempting to open
a connection on the FTP data port and can not go backthrough the tunnel
because there are no VPN rules that allow source connections from the
remote network to get to your network. See example below

1 Rule @sites A&B
Source  Dest            VPN             Service         Action
Net_A           Net-B           mesh            *
Accept
Net_B           Net_B

Or

2 Rules @sites A&B
Source  Dest            VPN             Service         Action
Net_A           Net_B           Mesh            *
Accept

Source  Dest            VPN             Service         Action
Net_B           Net_A           Mesh            *
Accept

-K


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
Vedantam sekhar
Sent: Wednesday, August 25, 2004 6:59 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Checkpoint and Nortel contivity VPN


Hi Group,

We are establishing the VPN between Checkpoint NG R54
and Nortel contivity box.

a. We are able to establish the IPSEC tunnel but no
other traffic between the two networks under VPN
domain works....Ex:Ping,ftp...etc.There is an Error
observed in the CP,"Encryption fail reason:packets in
wrong direction,VPN error code 01".This is not always
the case,some times we see the ftp connection is
established from one network-other but no ftp traffic
flows.

b. Please share me if any configuration documents are
available for setting up the site-site VPN between CP
NG AI R54 gateway and Nortel contivity box.


Thanks,

V.N.SEKHAR




__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [FW-1] Normal users cannot delete files after IPSO upgrade, Maxeiner, Christian
Next by Date:  Re: [FW-1] problem in estblishing SIC for backup management server, GoddardM
Previous by Thread:  [FW-1] Checkpoint and Nortel contivity VPN, Vedantam sekhar
Next by Thread:  [FW-1] Normal users cannot delete files after IPSO upgrade, Maxeiner, Christian
Indexes:  [Date] [Thread] [Top] [All Lists]