Re: [FW-1] Site 2 site VPN between Microsoft ISA Firewall to Checkpoint NGX R65 incoming

Thu, 23 Dec 2010 13:44:59 -0800 

Hello, I have configured 3  vpns using ISA and Checkpoint, the major problem is 
to configure properly the ISA server. Overall, check the Firewall rules at ISA 
server site, maybe packets are dropping at ISA server before  get to the end 
user. If you see encrypted/decrypted traffic at your side( with the right 
source and destination) it means Phase 2 is UP...I'll see if I can get you a 
printscreen of the ISA config.


Rgds..





-----Mensaje original-----
De: Mailing list for discussion of Firewall-1 
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] En nombre de Peter Addy
Enviado el: Thursday, December 23, 2010 3:12 PM
Para: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Asunto: [FW-1] Site 2 site VPN between Microsoft ISA Firewall to Checkpoint NGX 
R65 incoming

Hi,

has anyone out there had any experience with setting up a VPN between a
Checkpoint NGX R65 with a Microsoft ISA Firewall.

We have configured our Checkpoint as usual but with tunnel management set as per
host.

Strange thing is we can do the key exchange, exchange hosts, and can even see
the application being tested incoming, the packets comes into our firewall which
is then decrypted, this then Nat's correctly and so forth to the destination
server, so all looks fine

I even do a tcpdump on the internal interface on our firewall and can see
packets being exchange between the translation source IP and translated
destination server, however the user does not get any response back.

If all looks fine and address translation is happening and we do not see any
errors in our logs, then does anyone please know what might be the problem?

Has anyone out there had any experience with setting up a VPN between a
Checkpoint NGX R65 with a Microsoft ISA Firewall?

We have configured our Checkpoint as usual but with tunnel management set as per
host for this one device

The user  below gets  the messages in his ISA Firewall log

Log type: Firewall service
Status: A connection was closed because no SYN / ACK response is received from
the server


Log type: Firewall service
Status: A connection attempt failed because the connected party did not properly
respond after a certain period of time, or established connection failed because
connected host has failed to respond
Is there anything I have missed, why would the user not get a response back?
Also if we do a tcpdump on the external interface of the firewall for the host
address connecting, not the vpn gateway address, would we see this, or is this
within the tunnel and the only thing we should see is ISAKAMP, reason I ask is
that we do see on the external interface connections on say port 3389, surely
this is not right
Thanks





Scanned by Check Point Total Security Gateway.


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

Scanned by Check Point Total Security Gateway.

Notice of Confidentiality:

The information contained in this communication is intended solely for the use 
of the individual or entity to whom it is addressed and others authorized to 
receive it. It may contain confidential or legally privileged information. If 
you are not the intended recipient you are hereby notified that any disclosure, 
copying, distribution or taking any action in reliance on the contents of this 
information is strictly prohibited and may be unlawful. If you have received 
this communication in error, please notify us immediately by responding to this 
email and then delete it from your system.
IƧ��[�(^rC��{S�֥I�.�+r�^���

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

Reply via email to