[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] VPN-1 250 -vs- VPN-1 500

To: "Brazil, Jody" <jody@kcfishnet.com>, 'Jerald Josephs' <jerald.josephs@iprg.nokia.com>
Subject: RE: [FW1] VPN-1 250 -vs- VPN-1 500
From: frank darden <fdarden@locked.com>
Date: Mon, 03 May 1999 19:15:00 -0400
Cc: fw-1-mailinglist@lists.us.checkpoint.com


Have you set rule 0 to "before last"? "The packet" is not sufficient. What
type of packet, and what type of service? I have this type of config
running in several locations. The fact that you arent seeing anything in
the log leads me to knee jerk and think that rule 0 is allowing the traffic
before it hits your encrypt rule. Of course this is speculation on my part,
but its worth looking at.

Frank

At 12:11 PM 5/3/99 -0500, Brazil, Jody wrote:"
>
>There appears to be an issue with the Remote link (Nokia) version 3.0.4
>(Check Point version 3.0b SP8) using manual IPSec to a Solaris Firewall.
>The symptom is this:
>
>The packet gets sent from the network behind the Nokia to a machine
>behind the Solaris Firewall and appears to get properly encrypted.  This
>is visible in the Nokia logs.  
>
>Nothing appears in the Solaris firewall logs!  
>
>Running snoop on the Solaris firewall shows several things:
>	
>	First, the packet does make it to the Solaris Firewall
>	Second, the packet is encapsulated (The source is the Nokia IP,
>the destination is the Solaris firewall IP)
>
>
>This all looks good, but the Solaris Firewall is apparently not
>decrypting the packet (for no apparent reason).
>
>It is worth noting that in the release notes for version 3.0.1 it
>states, "Problems with IPSEC between Nokia and other platforms (NT,
>Solaris)."
>
>A very vague and unhelpful release note!
>
>If anyone has any information regarding this issue, your help would be
>greatly appreciated.
>
>Jody Brazil
>
>
>
>===========================================================================
=====
>     To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====
>
>
Mission Critical Systems. Your network security solutions provider
http://www.locked.com
The sender of this email is responsible for its content. 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] SP4/Firewall 3.0b
Next by Date: [FW1] Can't Unlock my FW server
Prev by thread: RE: [FW1] VPN-1 250 -vs- VPN-1 500
Next by thread: RE: [FW1] VPN-1 250 -vs- VPN-1 500
Index(es):
- Date
- Thread