Re: [FW-1] IPSec VPN's

Subject:	Re: [FW-1] IPSec VPN's
From:	Lars Troen <Lars.Troen AT SIT DOT NO>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 22 Mar 2006 10:58:40 +0100

Bruce,
Check that the ip addresses that enter the vpn's (from both sides) match
the encryption domains and that any NATing is correctly setup (or
disabled).

Lars 

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf 
> Of Bruce Thom
> Sent: 22. mars 2006 01:53
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] IPSec VPN's
> 
> Reinhard,
> 
> Different managements, so external managed firewall nodes 
> defined on each end. VPN's configured, using 3des for key 
> exchange, using a shared secret. Meshed-VPN setup and 
> configured, and appear to be identical on both sides, except 
> externally managed firewall are oppositly configured in 
> oposing firewalls.
> 
> I keep getting "no response from peer", and "no valid SA" in 
> the VPN logs.
> 
> Bruce 
> 
> -----Original Message-----
> From: Reinhard Stich [mailto:r.stich AT INTERNET-SECURITY DOT AT]
> Sent: Wednesday, March 22, 2006 11:15 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] IPSec VPN's
> 
> At 22:22 21.03.2006, you wrote:
> >  Folk,
> >
> >Looking for the configuration and setup of a IPSec VPN between two NG
> >R55 Firewalls.
> >
> >Can someone point me in the right direction ?
> 
> what's the problem?
> 
> are the gateways managed by the same mgmt or with different 
> managements?
> are there already VPNs configured?
> 
> first of all you have define that you have VPN on the boxes, 
> then go to the VPN-tab and configure a meshed-VPN community.
> 
> cheers
> reinhard
> 
> >Thanks
> >
> >Bruce
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages, send an email to 
> >LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your subscription 
> options, 
> >email fw-1-owner AT ts.checkpoint DOT com 
> >=================================================
> 
> --
> Reinhard Stich  ASSIST  R.Stich AT internet-security DOT at
> Internet Security AG,      1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an 
> email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription 
> options, email fw-1-owner AT ts.checkpoint DOT com 
> =================================================
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an 
> email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription 
> options, email fw-1-owner AT ts.checkpoint DOT com 
> =================================================
> 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] IPSec VPN's, Bruce Thom Re: [FW-1] IPSec VPN's, Reinhard Stich Re: [FW-1] IPSec VPN's, Lars Troen Re: [FW-1] IPSec VPN's, Bruce Thom Re: [FW-1] IPSec VPN's, Reinhard Stich Re: [FW-1] IPSec VPN's, Jean-Francois Gobin Re: [FW-1] IPSec VPN's, Lars Troen <=

Previous by Date:	Re: [FW-1] Manual NAT on SPLAT, Bhavin Gandhi
Next by Date:	Re: [FW-1] Nokia IP Clustering and RIP, Jean-Francois Gobin
Previous by Thread:	Re: [FW-1] IPSec VPN's, Jean-Francois Gobin
Next by Thread:	[FW-1] SmartReporter Distribute Installation & license, Alexander Simbun
Indexes:	[Date] [Thread] [Top] [All Lists]