Brooks, George CTR wrote:
I am trying to configure a Site-to-Site VPN on a Nokia IP380 running
Checkpoint R55. I want to allow users from the Internet who need to go
to a particular subnet to go through my external firewall interface.
This traffic should go through the tunnel to a NetScreen firewall.

Hi,
basically, you need to have a "symmetric" configuration.
you should have defined on your netscreen a vpn entry that defines the
local network behind the netscreen, the remote network behind the vpn
peer gateway, and the settings for phase1 and 2.
you simply need to check on your smartcenter if you declared the vpn
community with the same settings, i.e. phase1, phase2, hash, etc.
you can also set manually the "vpn domain" on checkpoint gateway in the
properties. this entry should be set to the network behind the netscreen.
for debug, please run "vpn debug trunc" on the nokia and check the
content of the $FWDIR/log/ike.elg.
you can also run debugging on the netscreen.
for screenos 5.0 and above, you can use:
debug vpn basic
clear db
... try to establish the vpn ...
get dbuf stream
you can also use the "vpn tu" on nokia and the "get sa" or "get ike"
commands on the netscreen.
hope this'll help
I believe that I have everything configured. The tunnel seems to be
established. However, when I sit outside my firewall and try to get to
the internal network, the checkpoint firewall seems to try to send the
data down the network directly instead of through the tunnel. I feel
that I am missing something.
Thanks,
George Brooks
BAE Systems @ Strategic Systems Programs
703-601-9146
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
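The "symmetric" check described in the reply, as an added example that is not part of the original thread: it compares two gateway definitions for mirrored networks and matching phase 1/phase 2 proposals, then tests whether a given flow would be selected for encryption. All names, addresses and proposals are constructed, and the selection rule (encrypt only when the source is in the local networks and the destination is in the remote networks) is an assumed model of domain-based VPN.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class VpnSide:
    name: str
    local_nets: frozenset    # networks behind this gateway
    remote_nets: frozenset   # networks it expects behind the peer
    phase1: tuple            # (encryption, hash, DH group)
    phase2: tuple            # (encryption, hash, PFS group or None)

def nets(*cidrs):
    return frozenset(ipaddress.ip_network(c) for c in cidrs)

def mismatches(a, b):
    """List every setting on which the two sides are not mirror images."""
    problems = []
    for label in ("phase1", "phase2"):
        if getattr(a, label) != getattr(b, label):
            problems.append(f"{label}: {a.name}={getattr(a, label)} "
                            f"{b.name}={getattr(b, label)}")
    if a.local_nets != b.remote_nets:
        problems.append(f"{a.name} local networks != {b.name} remote networks")
    if a.remote_nets != b.local_nets:
        problems.append(f"{a.name} remote networks != {b.name} local networks")
    return problems

def selected_for_tunnel(side, src, dst):
    """Assumed model: encrypt only if src is local and dst is remote."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(s in n for n in side.local_nets)
            and any(d in n for n in side.remote_nets))

# Constructed sample definitions, not taken from the thread.
CHECKPOINT = VpnSide("checkpoint", nets("10.1.0.0/16"), nets("192.168.50.0/24"),
                     ("3des", "sha1", 2), ("3des", "sha1", None))
NETSCREEN = VpnSide("netscreen", nets("192.168.50.0/24"), nets("10.1.0.0/16"),
                    ("3des", "sha1", 2), ("3des", "sha1", None))

if __name__ == "__main__":
    print(mismatches(CHECKPOINT, NETSCREEN) or "definitions are symmetric")
    bad = replace(NETSCREEN, phase1=("3des", "md5", 2))  # hash differs
    print(mismatches(CHECKPOINT, bad))
    # Host behind the gateway: selected. Host on the Internet: not selected.
    print(selected_for_tunnel(CHECKPOINT, "10.1.2.3", "192.168.50.10"))
    print(selected_for_tunnel(CHECKPOINT, "203.0.113.7", "192.168.50.10"))
```

Under this model, a source address that is outside the gateway's local networks is not selected for the tunnel even when both definitions are fully symmetric.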