Firewall Wizards mailing list archives
RE: Cisco 506E and CP NG VPN Problems
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 11 Aug 2003 09:49:22 -0400
I don't believe that the problem is with the PIX configuration. More likely, the Check Point firewall has a rule for the VPN tunnel that looks something like this:

    SRC          DST          IF VIA       SERVICE   ACTION
    [your_net]   [his_net]    [vpn_comm]   * Any     accept

The Check Point firewall needs another rule that switches the source and destination objects. For him to be able to initiate a VPN tunnel to your PIX, his firewall needs to have a rule where his network is the source and yours is the destination that is "IF VIA" the same VPN extranet community as the existing rule. For example:

    SRC          DST          IF VIA       SERVICE   ACTION
    [his_net]    [your_net]   [vpn_comm]   * Any     accept

Hope that helps!

PaulM

-----Original Message-----

We have a CISCO 506E to raise a VPN to our customer's Checkpoint NG FW, but after several hours of inactivity, if our customer tries to connect to our server through the VPN he can't see our server, but if we ping his workstation from our server we can see his workstation; after that he can also see our server and it works normally... until he disconnects for several hours. Any idea?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
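
Added example, not part of the original message or of any Check Point tooling: a small audit of a rule table written in the column layout used in the reply above, listing every VPN-community accept rule that has no rule with source and destination switched. The text format, the extra object names ([partner_b], [vpn_comm_b], [web_srv]) and the treatment of "* Any" in IF VIA as "not tied to a community" are assumptions of this example.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    src: str
    dst: str
    if_via: str   # VPN community the rule is restricted to
    service: str
    action: str

# Constructed rulebase in the reply's column layout (cells split on 2+ spaces).
# Object names other than those in the reply are hypothetical.
SAMPLE_RULEBASE = """\
SRC           DST           IF VIA        SERVICE   ACTION
[your_net]    [his_net]     [vpn_comm]    * Any     accept
[his_net]     [partner_b]   [vpn_comm_b]  * Any     accept
[partner_b]   [his_net]     [vpn_comm_b]  * Any     accept
[his_net]     [web_srv]     * Any         http      accept
"""

def parse_rulebase(text):
    """Parse the text table into Rule tuples, skipping the header row."""
    rules = []
    for line in text.splitlines():
        cells = re.split(r"\s{2,}", line.strip())
        if len(cells) != 5 or cells[0] == "SRC":
            continue
        rules.append(Rule(*cells))
    return rules

def missing_reverse_rules(rules):
    """Return the mirror rules needed so either side can initiate the tunnel."""
    accepted = {(r.src, r.dst, r.if_via) for r in rules if r.action == "accept"}
    missing = []
    for r in rules:
        if r.action != "accept" or r.if_via == "* Any":
            continue  # assumption: only rules tied to a VPN community are checked
        if (r.dst, r.src, r.if_via) not in accepted:
            missing.append(Rule(r.dst, r.src, r.if_via, r.service, r.action))
    return missing

if __name__ == "__main__":
    for rule in missing_reverse_rules(parse_rulebase(SAMPLE_RULEBASE)):
        print("missing:", *rule, sep="  ")
```

On the constructed sample, the only rule reported missing is the [his_net] to [your_net] rule in [vpn_comm] that the reply suggests adding.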