Firewall-1

Re: [FW-1] VPN-1 Edge X Setup

Subject: Re: [FW-1] VPN-1 Edge X Setup
From: Motta Corrado <Corrado.Motta AT RTSI DOT CH>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 17 Feb 2005 09:05:14 +0100

Steve,
4 months ago, I was building a site2site-VPN between CP NG AI R55 HFA_08 and
X-edge: same problem.
I contacted my reseller and he told me that NAT-T (NAT traversal) is supported
by X-edge and CP, but CP must not be behind a NAT device (only the X-edge).
It seems that X-edge supports NAT-T, but Checkpoint doesn't support "full" NAT-T.
:(

In summary:
X-edge-----NATdevice-----Internet----NATdevice----Checkpoint ---> VPN NOK!!!!
X-edge-----NATdevice-----Internet----Checkpoint                  ---> VPN OK!!!

I don't know if the HFA_12 CP resolves this problem.

Bye
Corrado

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Stephen
W. Stewart
Sent: Wednesday, 16 February 2005 21:32
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] VPN-1 Edge X Setup


Another piece of the puzzle to think about.

When trying to connect to a Service Center my FW-1 log shows the
following message:

message_info: Implied rule encryption failure: Different community ID,
possible NAT problem (VPN Error code 02)

Steve


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
Sent: Wednesday, February 16, 2005 10:12 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] VPN-1 Edge X Setup

Check out 5.0.50. It fixed a bunch of VPN problems in 5.0.43 including a
memory leak that made me have to reboot mine every few days.

Ray

>From: Russell Aspinwall <russell.aspinwall AT FLOMERICS.CO DOT UK>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] VPN-1 Edge X Setup
>Date: Wed, 16 Feb 2005 14:15:15 +0000
>
>Hi,
>
>I have used a variety of firmware versions on the Edge and found
>v5.0.43x a vast improvement since v4.0.93x and many in between. Site to
>Site VPNs offer a significantly better level of performance and
>reliability, primarily NGAI R55 to Edge, Edge to Edge VPNs have not
>been a problem.
>
>Stephen W. Stewart wrote:
>>Hi All,
>>
>>Trying to set up an Edge X box for a remote office in Site to Site mode.
>>I currently have 2 other sites that are working just fine.  The only
>>difference with the new X is that it will have a static IP and the two
>>that are working are using DHCP.
>>
>>I can create the site and then look in the reports section at the VPN
>>Tunnels section and nothing shows up.  If I ping the internal IP of
>>the X box a tunnel is established and the X box replies.  I cannot
>>ping the other way into the "home" network behind the FW-1.
>>
>>The established tunnel shows IKE (Phase 1): 3DES/SHA1.
>>
>>Any ideas?
>>
>>Thanks
>>
>>
>>Stephen W. Stewart
>>
>>=================================================
>>To set vacation, Out-Of-Office, or away messages, send an email to
>>LISTSERV AT amadeus.us.checkpoint DOT com
>>in the BODY of the email add:
>>set fw-1-mailinglist nomail
>>=================================================
>>To unsubscribe from this mailing list, please see the instructions at
>>http://www.checkpoint.com/services/mailing.html
>>=================================================
>>If you have any questions on how to change your subscription options,
>>email fw-1-owner AT ts.checkpoint DOT com
>>=================================================
>>
>
>
>--
>Regards
>
>Russell
>