Re: SEF 70 to FW1 site to site VPN

[Jim MacLeod <jmacleod () hotpop com>]

Hello,

What you mention is a perennial problem with CheckPoint, even between 
CheckPoint firewalls.

The time-honored solutions include:

Change the Firewall object to list the external address on the main page, 
and make sure the other addresses are also listed in the interfaces page.

Change the hosts file on the FireWall-1 machine so that its hostname 
resolves to its external address.

You can also refer the CheckPoint administrator to the following document:
http://www.phoneboy.com/fom-serve/cache/163.html

Best Regards,
-Jim MacLeod

At 01:23 AM 3/20/2003, Ove Fagerheim wrote:
> Can someone plese help me out here.
>
> I'm trying to establish a site2site VPN from my SEF to a FW1. We are using
> ip address as phase 1 ID. When the FW1 tries to connect I see on my SEF a
> connection attempt from FW1's external interface. Then the FW1 sends his
> *internal* ip as phase 1 ID, my SEF is expecting the external ip, and is not
> honoring the request.
>
> The administrator of the FW1 seems to be unable to solve this issue, and has
> asked me to change various timeout values on my side, probabely as a shot in
> the dark.
>
> Unfortunately, I don't know the FW1 version in question.
> Does anyone know how to solv this?
>
> Best regards
> Ove Fagerheim
> Helgelandskraft AS
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards