RE: [fw-wiz] Cisco 506E and CP NG VPN Problems
From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 08/11/03
- Previous message: Strydom, Willie: "RE: [fw-wiz] Cisco PIX config beautifier???"
- Maybe in reply to: Jorge Valenzuela S.: "[fw-wiz] Cisco 506E and CP NG VPN Problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Jorge Valenzuela S." <jvalen@alefdata.cl> Date: Mon, 11 Aug 2003 09:49:22 -0400
I don't believe that the problem is with the PIX configuration. More likely, the Check Point firewall has a rule for the VPN tunnel that looks something like this:
SRC DST IF VIA SERVICE ACTION
[your_net] [his_net] [vpn_comm] * Any accept
The Check Point firewall needs another rule that switches the source and destination objects. For him to be able to initiate a VPN tunnel to your PIX, his firewall needs to have a rule where his network is the source and yours is the destination that is "IF VIA" the same VPN extranet community as the existing rule. For example:
SRC DST IF VIA SERVICE ACTION
[his_net] [your_net] [vpn_comm] * Any accept
Hope that helps!
PaulM
> -----Original Message-----
> We have a CISCO 506E to raise a VPN to our customer Cehckpoint NG FW,
> but after severa hours of inactivity if our customer try to conect to
> our server through the VPN he cant see our server, but if we ping to his
> workstation from our server we can see hiw workstation, after that he
> also can se our server an works normally....until he disconect for
> several hours.
>
> any idea ?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Strydom, Willie: "RE: [fw-wiz] Cisco PIX config beautifier???"
- Maybe in reply to: Jorge Valenzuela S.: "[fw-wiz] Cisco 506E and CP NG VPN Problems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
