Firewall Wizards mailing list archives
Re: SEF 70 to FW1 site to site VPN
From: Jim MacLeod <jmacleod () hotpop com>
Date: Thu, 20 Mar 2003 08:32:05 -0800
Hello,

What you mention is a perennial problem with CheckPoint, even between CheckPoint firewalls.

The time-honored solutions include:

- Change the Firewall object to list the external address on the main page, and make sure the other addresses are also listed in the interfaces page.
- Change the hosts file on the FireWall-1 machine so that its hostname resolves to its external address.

You can also refer the CheckPoint administrator to the following document: http://www.phoneboy.com/fom-serve/cache/163.html

Best Regards,
-Jim MacLeod

At 01:23 AM 3/20/2003, Ove Fagerheim wrote:
Can someone please help me out here.

I'm trying to establish a site2site VPN from my SEF to a FW1. We are using ip address as phase 1 ID. When the FW1 tries to connect I see on my SEF a connection attempt from FW1's external interface. Then the FW1 sends his *internal* ip as phase 1 ID, my SEF is expecting the external ip, and is not honoring the request.

The administrator of the FW1 seems to be unable to solve this issue, and has asked me to change various timeout values on my side, probably as a shot in the dark. Unfortunately, I don't know the FW1 version in question.

Does anyone know how to solve this?

Best regards
Ove Fagerheim
Helgelandskraft AS

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
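An added example, not part of the original thread and not Check Point tooling: a check for the hosts-file fix suggested in the reply above. It confirms that the firewall's hostname resolves to the address the remote peer expects as the phase 1 ID. The hostname `fw1`, the addresses 10.1.1.1 (internal) and 203.0.113.10 (external), and the first-match-wins lookup order are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file: the firewall's name is bound to its
# internal address, the situation the hosts-file fix is meant to correct.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
10.1.1.1       fw1 fw1.example.com   # internal interface
203.0.113.10   fw1-ext
"""

def hosts_lookup(hosts_text, hostname):
    """Return the first address a hosts file maps hostname to, or None."""
    wanted = hostname.lower()
    for line in hosts_text.splitlines():
        # Drop trailing comments, then split into address and names.
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed entries
        if wanted in (name.lower() for name in fields[1:]):
            return addr
    return None

def check_phase1_id(hosts_text, hostname, expected_peer_id):
    """Compare the hostname's resolved address with the ID the peer expects."""
    expected = ipaddress.ip_address(expected_peer_id)
    resolved = hosts_lookup(hosts_text, hostname)
    if resolved is None:
        return "missing", None
    if resolved == expected:
        return "ok", resolved
    if resolved.is_private:
        # Hostname resolves to an internal address rather than the
        # external one the remote gateway is configured to accept.
        return "internal-address", resolved
    return "mismatch", resolved

if __name__ == "__main__":
    status, addr = check_phase1_id(SAMPLE_HOSTS, "fw1", "203.0.113.10")
    print(f"fw1 -> {addr}: {status}")
```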
Current thread:
- SEF 70 to FW1 site to site VPN Ove Fagerheim (Mar 20)
- Re: SEF 70 to FW1 site to site VPN Jim MacLeod (Mar 20)