[fw-wiz] Checkpoint to Cisco - Hardware VPN works, software doesn't

From: Northrup, Tyler (tnorthru_at_usd.edu)
Date: 12/12/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Fri, 12 Dec 2003 08:13:28 -0600

    I have a Checkpoint NG FP3 at one site and a Cisco 3030 concentrator at the
    other. There is a hardware-based ipsec tunnel between the checkpoint and
    concentrator with network lists allowing 5 systems to communicate between
    the networks (see below). This tunnel works fine.

    Server1 - |
    Server2 - - - CHECKPOINT <> CONCENTRATOR - - - Server1
    Server3 - |       |                        | - Server2
                 software vpn

    However, since configuring this tunnel, I have not been able to initiate
    software vpn connections from behind the checkpoint to the concentrator
    (worked previously). These connections originate on a separate network off
    the checkpoint to the cisco concentrator. It worked fine prior to
    implementation of the IPSEC tunnel. I know the traffic gets to the
    checkpoint, but it either does not leave, or it leaves via the tunnel (which
    it should not as these systems are not part of the network lists / rules)
    and gets dropped.

    I administer the concentrator, but do not directly support the Checkpoint.
    Any direction would be appreciated as I am working with the other
    administrator to solve the issue.


    Tyler Northrup
    IT Security Officer
    The University of South Dakota
    firewall-wizards mailing list
