does not work. Any more ideas?
cisco4ng
"Joseph Carlo C. Quiambao" <jcquiambao AT GMAIL DOT COM> wrote:
Accept ICMP requests: before last ?
On 9/24/06, cisco4ng wrote:
>
> LAN_A---(i)Pix(o)---Internet---(Ext)CP_FW(Int)---LAN_B
>
> I have a site-to-site VPN between Cisco Pix and Checkpoint
> Firewall NGx. Traffic is encrypted between LAN_A
> and VLAN_B without any NAT translation. Everything
> is working properly. I am using VPN simplified mode.
> One of the requirements is that LAN_A must be able
> to ping LAN_B and that the icmp traffic between LAN_A
> and LAN_B must be encrypted via IPSec.
>
> I also have a requirement from the customer that from the
> Pix "outside" interface, the customer wants to be able
> to ping the Checkpoint "External" interface and that
> the icmp traffic will not be encrypted. The problem is
> that Checkpoint, by default, also includes the CP firewall
> itself, as part of the encryption domain. Yes, the icmp
> from the pix outside interface, will arrive to the CP
> External interface as "clear" but the CP expects this
> traffic to be encrypted.
>
> Well, I can exclude "icmp" from the VPN traffic but
> it also means that LAN_A, will not be able to ping LAN_B.
> With VPN "traditional" mode, the Checkpoint FW itself, by
> default, is NOT part of encryption domain but in
> simplified mode, it is. Is there a way to exclude the
> Checkpoint itself from the encryption domain in NGx in
> VPN "simplified" mode?
>
> Thanks.
> cisco4ng
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>