Re: [fw-wiz] SEF 70 to FW1 site to site VPN

From: Jim MacLeod (jmacleod@hotpop.com)
Date: 03/20/03

Next message: stefmit: "Re: [fw-wiz] Securing www server w/Oracle back end."

Previous message: George J. Jahchan: "RE: [fw-wiz] Layer 3-7 Firewall."
In reply to: Ove Fagerheim: "[fw-wiz] SEF 70 to FW1 site to site VPN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Ove Fagerheim <ove.fagerheim@helgkraft.no>
From: Jim MacLeod <jmacleod@hotpop.com>
Date: Thu, 20 Mar 2003 08:32:05 -0800

Hello,

What you mention is a perennial problem with CheckPoint, even between
CheckPoint firewalls.

The time-honored solutions include:

Change the Firewall object to list the external address on the main page,
and make sure the other addresses are also listed in the interfaces page.

Change the hosts file on the FireWall-1 machine so that its hostname
resolves to its external address.

You can also refer the CheckPoint administrator to the following document:
http://www.phoneboy.com/fom-serve/cache/163.html

Best Regards,
-Jim MacLeod

At 01:23 AM 3/20/2003, Ove Fagerheim wrote:
>Can someone plese help me out here.
>
>I'm trying to establish a site2site VPN from my SEF to a FW1. We are using
>ip address as phase 1 ID. When the FW1 tries to connect I see on my SEF a
>connection attempt from FW1's external interface. Then the FW1 sends his
>*internal* ip as phase 1 ID, my SEF is expecting the external ip, and is not
>honoring the request.
>
>The administrator of the FW1 seems to be unable to solve this issue, and has
>asked me to change various timeout values on my side, probabely as a shot in
>the dark.
>
>Unfortunately, I don't know the FW1 version in question.
>Does anyone know how to solv this?
>
>Best regards
>Ove Fagerheim
>Helgelandskraft AS
>_______________________________________________
>firewall-wizards mailing list
>firewall-wizards@honor.icsalabs.com
>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: stefmit: "Re: [fw-wiz] Securing www server w/Oracle back end."

Previous message: George J. Jahchan: "RE: [fw-wiz] Layer 3-7 Firewall."
In reply to: Ove Fagerheim: "[fw-wiz] SEF 70 to FW1 site to site VPN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]