Re: [FW-1] IPSec VPN's

[Jean-Francois Gobin [Permanent Link]]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wait wait wait ...

Tcpdump can be an annoyance because it may pick the packets before the 
firewall processes them.
Watch in your log file or use "fw monitor" instead.

Normally, UDP/500 is "ruled" by an implicit rule. Look after it in "view 
- --> implicit rules"
jF

On Wed, 22 Mar 2006, Reinhard Stich wrote:

> hi,
>
> please check if udp/500 (ike) und IP-protocol 50 (ESP) are permited on your 
> firewall and the remote firewall.
> you can check with a tcpdump if the packets are transmited ...
>
> cheers
> reinhard
>
> At 01:52 22.03.2006, you wrote:
> > Reinhard,
> >
> > Different managements, so external managed firewall nodes defined on
> > each end. VPN's configured, using 3des for key exchange, using a shared
> > secret. Meshed-VPN setup and configured, and appear to be identical on
> > both sides, except externally managed firewall are oppositly configured
> > in oposing firewalls.
> >
> > I keep getting "no response from peer", and "no valid SA" in the VPN
> > logs.
> >
> > Bruce
> >
> > -----Original Message-----
> > From: Reinhard Stich [mailto:r.stich AT INTERNET-SECURITY DOT AT]
> > Sent: Wednesday, March 22, 2006 11:15 AM
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: Re: [FW-1] IPSec VPN's
> >
> > At 22:22 21.03.2006, you wrote:
> > >  Folk,
> > >
> > >Looking for the configuration and setup of a IPSec VPN between two NG
> > >R55 Firewalls.
> > >
> > >Can someone point me in the right direction ?
> >
> > what's the problem?
> >
> > are the gateways managed by the same mgmt or with different managements?
> > are there already VPNs configured?
> >
> > first of all you have define that you have VPN on the boxes, then go to
> > the VPN-tab and configure a meshed-VPN community.
> >
> > cheers
> > reinhard
> >
> > >Thanks
> > >
> > >Bruce
> > >
> > >=================================================
> > >To set vacation, Out-Of-Office, or away messages, send an email to
> > >LISTSERV AT amadeus.us.checkpoint DOT com
> > >in the BODY of the email add:
> > >set fw-1-mailinglist nomail
> > >=================================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >=================================================
> > >If you have any questions on how to change your subscription options,
> > >email fw-1-owner AT ts.checkpoint DOT com
> > >=================================================
> >
> > --
> > Reinhard Stich  ASSIST  R.Stich AT internet-security DOT at
> > Internet Security AG,      1150 Wien, Johnstrasse 29
> > Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages, send an email to
> > LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your subscription options,
> > email fw-1-owner AT ts.checkpoint DOT com
> > =================================================
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner AT ts.checkpoint DOT com
> > =================================================
> --
> Reinhard Stich  ASSIST  R.Stich AT internet-security DOT at
> Internet Security AG,      1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
- ----------
Jean-Francois Gobin - Administrateur gobinjf.be
http://www.gobinjf.be   mailto:gobin AT gobinjf DOT be
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFEIQrSkkg3QInH2uURAmcEAJwJa+n5I+n5J7Mts/I88URfdNUnFQCeNIcn
Vj+mh87EO9/ZB2hWUEQMyr4=
=IKef
-----END PGP SIGNATURE-----

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================