sounds even worser. The vouching CISSP has to be aware of your work
history, so, unless you happen to work directly with a CISSP, how does he
verify your work history and job related requirements in the security
realm?
Thanks,
Ron DuFresne
On Wed, 15 May 2002, Security Related wrote:
> That sounds like a bad idea, basically it means that
> if you don't already know a CISSP (of which there are
> not all THAT many), you are in a position of having
> to convince someone who doesn't know you to vouch for
> you. sounds great. Don't get me wrong, I like that
> they want the cert to retain it's value I just don't
> know that I like that method.
>
> ES
> ---
> ----Original Message Follows----
> From: "Bill Royds" <[EMAIL PROTECTED]>
> To: "John Maestrale" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: RE: CISSP
> Date: Tue, 14 May 2002 23:16:06 -0400
>
> It may be of interest the (ISC)2, the CISSP certificate granting body,
> intends to ask for an already certified CISPP to vouch for your experience
> before granting you the certification. This will probably start as of June 1
> this year. They are really tightening up the certification rules to make it
> much more than a memory work exercise.
> Bill Royds, CISSP
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of John Maestrale
> Sent: Tue May 14 2002 16:27
> To: '[EMAIL PROTECTED]'
> Subject: RE: CISSP
>
>
> Don't bother with the classes they are horrible. Use the study guides from
> SRVBOOKS.
>
> John Maestrale,SSCP
> Network Engineer
> National Board of Medical Examiners
> email: [EMAIL PROTECTED]
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 14, 2002 2:34 PM
> To: [EMAIL PROTECTED]
> Subject: Firewalls digest, Vol 1 #763 - 19 msgs
>
>
> Send Firewalls mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.gnac.net/mailman/listinfo/firewalls
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Firewalls digest..."
>
>
> Today's Topics:
>
> 1. Re: CISSP (ecklesd)
> 2. Re: CISSP (ecklesd)
> 3. Any experience with CheckPoint VPN client getting through Cisco PIX
> firewall? ([EMAIL PROTECTED])
> 4. NT Syslog client ([EMAIL PROTECTED])
> 5. Re: Any experience with CheckPoint VPN client getting through Cisco
> PIXfirewall? (Mikael Olsson)
> 6. RE: NT Syslog client (Clark, Steve)
> 7. Re: Firewalls digest, Vol 1 #762 - 8 msgs (Guojia Zhang)
> 8. Re: NT Syslog client (Mikael Olsson)
> 9. Re: Logging to Ciscoworks (Mikael Olsson)
> 10. Re: NT Syslog client (Bret Watson)
> 11. Winroute Pro (Vishal Mukherjee)
> 12. Re: CISSP ([EMAIL PROTECTED])
> 13. CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question
> ([EMAIL PROTECTED])
> 14. CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question
> ([EMAIL PROTECTED])
> 15. Re: Any experience with CheckPoint VPN client getting through Cisco
> PIXfirewall? ([EMAIL PROTECTED])
> 16. RE: Any experience with CheckPoint VPN client getting through Cisco
> PIXfirewall? (Ben Nagy)
>
> --__--__--
>
> Message: 1
> From: "ecklesd" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: CISSP
> Date: Tue, 14 May 2002 06:33:27 -0400
>
> Chris,
>
> You can get a copy of the Study Guide by going to
> http://www.isc2.org/studyguide
>
> You will need to apply, but it does not cost anything.
>
> Lance
>
> ----- Original Message -----
> From: "Chris Orr" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, May 08, 2002 5:15 PM
> Subject: CISSP
>
>
> > I've been reading up on the CISSP. While I don't have the $$$$ to attend
> classes, can some of you recommend some books that you have used to obtain
> your designation.
> > Thanks,
> > Chris
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > For Account Management (unsubscribe, get/change password, etc) Please go
> to:
> > http://lists.gnac.net/mailman/listinfo/firewalls
> >
>
>
> --__--__--
>
> Message: 2
> From: "ecklesd" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: CISSP
> Date: Tue, 14 May 2002 06:35:10 -0400
>
> Actually checking that again I see that they have changed the process ..
> here is the new link:
>
> https://www.isc2.org/cgi-bin/request_studyguide.cgi
>
> Lance
> ----- Original Message -----
> From: "Chris Orr" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, May 08, 2002 5:15 PM
> Subject: CISSP
>
>
> > I've been reading up on the CISSP. While I don't have the $$$$ to attend
> classes, can some of you recommend some books that you have used to obtain
> your designation.
> > Thanks,
> > Chris
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > For Account Management (unsubscribe, get/change password, etc) Please go
> to:
> > http://lists.gnac.net/mailman/listinfo/firewalls
> >
>
>
> --__--__--
>
> Message: 3
> To: [EMAIL PROTECTED]
> Subject: Any experience with CheckPoint VPN client getting through Cisco PIX
> firewall?
> From: [EMAIL PROTECTED]
> Date: Tue, 14 May 2002 12:52:15 +0200
>
> This is a multipart message in MIME format.
> --=_alternative 003B7ECCC1256BB9_=
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on
> external network PCs to have them vpn through the remote network Cisco PIX
> firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5).
>
> I'm lookiing for possible issues with encrypted CP packets getting through
> Cisco PIX firewall - any ideas, please ?
>
> Thanks,
> Artur
> --=_alternative 003B7ECCC1256BB9_=
> Content-Type: text/html; charset="us-ascii"
>
>
> <br><font size=2 face="sans-serif">Hi,</font>
> <br>
> <br><font size=2 face="sans-serif">The idea is to install CheckPoint VPN-1
> SecureClients (v4.1 SP5 3DES) on external network PCs to have them vpn
> through the remote network Cisco PIX firewall to our CheckPoint VPN-1/FW-1
> (currently version 4.1 SP5).</font>
> <br>
> <br><font size=2 face="sans-serif">I'm lookiing for possible issues with
> encrypted CP packets getting through Cisco PIX firewall - any ideas, please
> ?</font>
> <br>
> <br><font size=2 face="sans-serif">Thanks,<br>
> Artur</font>
> --=_alternative 003B7ECCC1256BB9_=--
>
> --__--__--
>
> Message: 4
> Subject: NT Syslog client
> To: [EMAIL PROTECTED]
> From: [EMAIL PROTECTED]
> Date: Tue, 14 May 2002 12:25:13 +0100
>
> Hi All,
> I am still looking for an NT syslog client (preferably
> "freeware")............. does anybody know of one ?
> All I need to be able to do is to send a user-generated record to a syslog
> server on another platform using port 514.
> Thanks, Gordon
>
>
> --__--__--
>
> Message: 5
> Date: Tue, 14 May 2002 14:00:20 +0200
> From: Mikael Olsson <[EMAIL PROTECTED]>
> Organization: Clavister AB
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Any experience with CheckPoint VPN client getting through Cisco
>
> PIXfirewall?
>
>
> [EMAIL PROTECTED] wrote:
> >
> > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on
> > external network PCs to have them vpn through the remote network Cisco
> > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5).
> >
> > I'm lookiing for possible issues with encrypted CP packets getting
> > through Cisco PIX firewall - any ideas, please ?
>
> Two "if"s here:
> - IF the pix is picky about layer size mismatches
> and
> - IF checkpoint still hasn't fixed their broken encapsulation,
>
> the problem is probably checkpoint encapsulation building b0rken
> datagrams. I don't remember the specifics, but we got a support
> case a while ago with someone running checkpoint VPNs through our
> boxes, and having our stuff complain about layer size mismatches.
> I think it was something like the IP header saying the datagram
> had 1480 bytes IP data and the UDP header saying the total UDP
> length was only 1472 bytes. (These two numbers should be identical).
>
> As I said, I'm not 100% sure about the specifics here. I could
> go dig in the support DB if you need more info.
>
> /Mikael
>
> --
> Mikael Olsson, Clavister AB
> Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden
> Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
> Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
>
> "Senex semper diu dormit"
>
> --__--__--
>
> Message: 6
> From: "Clark, Steve" <[EMAIL PROTECTED]>
> To: #Firewalls <[EMAIL PROTECTED]>
> Subject: RE: NT Syslog client
> Date: Tue, 14 May 2002 08:08:25 -0400
>
> Kiwi Syslog is free.
>
> Steve Clark
> Clark Systems Support, LLC
> AVIEN Charter Member
> "Who's watching your network?"
> www.clarksupport.com
> 301-610-9584 voice
> 240-465-0323 Efax
>
> The data furnished in connection with this document is deemed by Clark
> Systems Support, LLC., to contain proprietary and privileged information and
> shall not be disclosed or used for the benefit of others without the prior
> written permission of Clark Systems Support, LLC.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 14, 2002 7:25 AM
> To: [EMAIL PROTECTED]
> Subject: NT Syslog client
>
> Hi All,
> I am still looking for an NT syslog client (preferably
> "freeware")............. does anybody know of one ?
> All I need to be able to do is to send a user-generated record to a syslog
> server on another platform using port 514.
> Thanks, Gordon
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> For Account Management (unsubscribe, get/change password, etc) Please go to:
> http://lists.gnac.net/mailman/listinfo/firewalls
>
> --__--__--
>
> Message: 7
> Subject: Re: Firewalls digest, Vol 1 #762 - 8 msgs
> To: [EMAIL PROTECTED]
> From: "Guojia Zhang" <[EMAIL PROTECTED]>
> Date: Tue, 14 May 2002 08:09:19 -0400
>
>
> Hi, I'm trying to evaluate low-end models from NetScreen, Cisco, and
> Nokia...as i'm new to firewalls, i would greatly appreciate some direction.
> from a price/performance and managebility perspective, which would you
> recommend. The network i have in mind is a headquarter LAN with 20 users,
> one branch office with 6 users, and 4 telecommuters. Any good/bad
> experiences with any vendor?? Thanks much.
>
>
> --__--__--
>
> Message: 8
> Date: Tue, 14 May 2002 14:12:36 +0200
> From: Mikael Olsson <[EMAIL PROTECTED]>
> Organization: Clavister AB
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: NT Syslog client
>
>
>
> [EMAIL PROTECTED] wrote:
> >
> > I am still looking for an NT syslog client
>
> Netcat for win32
> Google for "nc.exe".
>
> just do:
> echo "<n> My message" | nc 1.2.3.4 514
>
> where n is the facility/precedence bitmask, which you
> can look up in the syslog RFC (yes, they finally got
> around to documenting it :))
>
>
> --
> Mikael Olsson, Clavister AB
> Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden
> Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
> Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
>
> "Senex semper diu dormit"
>
> --__--__--
>
> Message: 9
> Date: Tue, 14 May 2002 14:22:15 +0200
> From: Mikael Olsson <[EMAIL PROTECTED]>
> Organization: Clavister AB
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Logging to Ciscoworks
>
>
>
> [EMAIL PROTECTED] wrote:
> >
> > Using a script , syslog.conf, and "logger" there, I can get the data into
> > the Ciscoworks syslog file ("syslog_info") but it doesn't have the right
> > origin address, facility code, or severity level for Ciscoworks to pick
> it
> > up.
>
> Oh, that's what you meant by syslog client. (Sorry, I read your
> messages in the wrong order.)
>
> Can't you just reformat the "syslog" data file using perl or gawk?
>
> The syslog format isn't _that_ advanced -- heck, even a regular
> sed pattern ought to be able to fix your origin/facility/severity
> strings.
>
>
> --
> Mikael Olsson, Clavister AB
> Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden
> Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
> Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
>
> "Senex semper diu dormit"
>
> --__--__--
>
> Message: 10
> Date: Tue, 14 May 2002 20:34:42 +0800
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> From: Bret Watson <[EMAIL PROTECTED]>
> Subject: Re: NT Syslog client
>
> Go to sourceforge.net - there is one there, though I can't remember exactly
> the URL right now - we use it and it appears to be quite stable.
>
> Bret
>
> At 12:25 14/05/02 +0100, you wrote:
> >Hi All,
> >I am still looking for an NT syslog client (preferably
> >"freeware")............. does anybody know of one ?
> >All I need to be able to do is to send a user-generated record to a syslog
> >server on another platform using port 514.
> >Thanks, Gordon
>
> Technical Incursion Countermeasures www.ticm.com
> The Insider www.ticm.com/info/insider
>
>
> --__--__--
>
> Message: 11
> From: Vishal Mukherjee <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Winroute Pro
> Date: Tue, 14 May 2002 17:20:43 +0530
>
>
>
> Hi all
> No one talk of winroute pro? Is it outdateed or a very small firewall..
>
> Regards
> Vishal
>
>
> Visit Our Cement Site at http://www.indorama.co.in
> Our Software Site at http://www.irssl.com
>
>
>
> --__--__--
>
> Message: 12
> Subject: Re: CISSP
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> From: [EMAIL PROTECTED]
> Date: Tue, 14 May 2002 08:08:15 -0500
>
>
> Chris,
>
> I used the Information Security Handbook by Hal Tipton and Micki Kruse.
> That was the only study material I used. There is also a study guide at
> www.isc2.org.
>
> Regards,
> Jeffery Gieser
>
>
>
> I've been reading up on the CISSP. While I don't have the $$$$ to attend
> classes, can some of you recommend some books that you have used to obtain
> your designation.
> Thanks,
> Chris
>
>
> --__--__--
>
> Message: 13
> To: [EMAIL PROTECTED]
> Subject: CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question
> From: [EMAIL PROTECTED]
> Date: Tue, 14 May 2002 15:34:37 +0200
>
> This is a multipart message in MIME format.
> --=_alternative 004A5C83C1256BB9_=
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> Can you please pass any information on the throughput (both theoretical
> and practical) of CheckPoint FireWall-1 (v.4.1) on Nokia's IP 440 and 530
> ?
>
> Many thanks,
> Artur
>
> --=_alternative 004A5C83C1256BB9_=
> Content-Type: text/html; charset="us-ascii"
>
>
> <br><font size=2 face="sans-serif">Hi,</font>
> <br>
> <br><font size=2 face="sans-serif">Can you please pass any information on
> the throughput (both theoretical and practical) of CheckPoint FireWall-1
> (v.4.1) on Nokia's IP 440 and 530 ?</font>
> <br>
> <br><font size=2 face="sans-serif">Many thanks,</font>
> <br><font size=2 face="sans-serif">Artur</font>
> <br>
> --=_alternative 004A5C83C1256BB9_=--
>
> --__--__--
>
> Message: 14
> To: [EMAIL PROTECTED]
> Subject: CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question
> From: [EMAIL PROTECTED]
> Date: Tue, 14 May 2002 15:36:43 +0200
>
> This is a multipart message in MIME format.
> --=_alternative 004A8DA7C1256BB9_=
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> Can you please pass any information on the throughput (both theoretical
> and practical) of CheckPoint FireWall-1 (NG) on Nokia IP 530 ?
>
> Many thanks,
> Artur
>
> --=_alternative 004A8DA7C1256BB9_=
> Content-Type: text/html; charset="us-ascii"
>
>
> <br><font size=2 face="sans-serif">Hi,</font>
> <br>
> <br><font size=2 face="sans-serif">Can you please pass any information on
> the throughput (both theoretical and practical) of CheckPoint FireWall-1
> (NG) on Nokia IP 530 ?</font>
> <br>
> <br><font size=2 face="sans-serif">Many thanks,</font>
> <br><font size=2 face="sans-serif">Artur</font>
> <br>
> --=_alternative 004A8DA7C1256BB9_=--
>
> --__--__--
>
> Message: 15
> To: Mikael Olsson <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: Any experience with CheckPoint VPN client getting through Cisco
> PIXfirewall?
> From: [EMAIL PROTECTED]
> Date: Tue, 14 May 2002 15:35:53 +0200
>
> This is a multipart message in MIME format.
> --=_alternative 004A79EBC1256BB9_=
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> Mikael,
>
> I'd really appreciate if you could confirm this - I really have to know if =
>
> I'm going to be successful with sending encrypted CP SecuRemote packets=20
> through Cisco PIX firewall before I deploy it.
>
> Thanks,
> Artur
>
>
>
>
> Mikael Olsson <[EMAIL PROTECTED]>
> 05/14/2002 02:00 PM
>
> =20
> To: [EMAIL PROTECTED]
> cc: [EMAIL PROTECTED]
> Subject: Re: Any experience with CheckPoint VPN client
> getti=
> ng through Cisco=20
> PIXfirewall?
>
>
>
> [EMAIL PROTECTED] wrote:
> >
> > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on
> > external network PCs to have them vpn through the remote network Cisco
> > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5).
> >
> > I'm lookiing for possible issues with encrypted CP packets getting
> > through Cisco PIX firewall - any ideas, please ?
>
> Two "if"s here:
> - IF the pix is picky about layer size mismatches
> and
> - IF checkpoint still hasn't fixed their broken encapsulation,
>
> the problem is probably checkpoint encapsulation building b0rken
> datagrams. I don't remember the specifics, but we got a support
> case a while ago with someone running checkpoint VPNs through our
> boxes, and having our stuff complain about layer size mismatches.
> I think it was something like the IP header saying the datagram
> had 1480 bytes IP data and the UDP header saying the total UDP
> length was only 1472 bytes. (These two numbers should be identical).
>
> As I said, I'm not 100% sure about the specifics here. I could
> go dig in the support DB if you need more info.
>
> /Mikael
>
> --
> Mikael Olsson, Clavister AB
> Storgatan 12, Box 393, SE-891 28 =D6RNSK=D6LDSVIK, Sweden
> Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
> Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
>
> "Senex semper diu dormit"
>
>
> --=_alternative 004A79EBC1256BB9_=
> Content-Type: text/html; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>
> <br><font size=3D2 face=3D"sans-serif">Mikael,</font>
> <br>
> <br><font size=3D2 face=3D"sans-serif">I'd really appreciate if you could c=
> onfirm this - I really have to know if I'm going to be successful with send=
> ing encrypted CP SecuRemote packets through Cisco PIX firewall before I dep=
> loy it.</font>
> <br>
> <br><font size=3D2 face=3D"sans-serif">Thanks,<br>
> Artur</font>
> <br>
> <br>
> <br>
> <table width=3D100%>
> <tr valign=3Dtop>
> <td>
> <td><font size=3D1 face=3D"sans-serif"><b>Mikael Olsson <mikael.olsson@c=
> lavister.com></b></font>
> <p><font size=3D1 face=3D"sans-serif">05/14/2002 02:00 PM</font>
> <br>
> <td><font size=3D1 face=3D"Arial"> </font>
> <br><font size=3D1 face=3D"sans-serif"> To: &nbs=
> p; [EMAIL PROTECTED]</font>
> <br><font size=3D1 face=3D"sans-serif"> cc: &nbs=
> p; [EMAIL PROTECTED]</font>
> <br><font size=3D1 face=3D"sans-serif"> Subject:=
> Re: Any experience with CheckPoint VPN client
> g=
> etting through Cisco PIXfirewall?</font></table>
> <br>
> <br>
> <br>
> <br><font size=3D2><tt>[EMAIL PROTECTED] wrote:<br>
> ><br>
> > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) =
> on<br>
> > external network PCs to have them vpn through the remote network Cisco=
> <br>
> > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5).=
> <br>
> ><br>
> > I'm lookiing for possible issues with encrypted CP packets getting<br>
> > through Cisco PIX firewall - any ideas, please ?<br>
> </tt></font>
> <br><font size=3D2><tt>Two "if"s here:<br>
> - IF the pix is picky about layer size mismatches<br>
> and<br>
> - IF checkpoint still hasn't fixed their broken encapsulation,<br>
> </tt></font>
> <br><font size=3D2><tt>the problem is probably checkpoint encapsulation bui=
> lding b0rken<br>
> datagrams. I don't remember the specifics, but we got a support<br>
> case a while ago with someone running checkpoint VPNs through our<br>
> boxes, and having our stuff complain about layer size mismatches.<br>
> I think it was something like the IP header saying the datagram<br>
> had 1480 bytes IP data and the UDP header saying the total UDP<br>
> length was only 1472 bytes. (These two numbers should be identical).<br>
> </tt></font>
> <br><font size=3D2><tt>As I said, I'm not 100% sure about the specifics her=
> e. I could<br>
> go dig in the support DB if you need more info.<br>
> </tt></font>
> <br><font size=3D2><tt>/Mikael<br>
> </tt></font>
> <br><font size=3D2><tt>--<br>
> Mikael Olsson, Clavister AB<br>
> Storgatan 12, Box 393, SE-891 28 =D6RNSK=D6LDSVIK, Sweden<br>
> Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05<br>
> Fax: +46 (0)660 122 50 WWW: http://www.clavister.com<b=
> r>
> </tt></font>
> <br><font size=3D2><tt>"Senex semper diu dormit"</tt></font>
> <br>
> <br>
> --=_alternative 004A79EBC1256BB9_=--
>
> --__--__--
>
> Message: 16
> From: "Ben Nagy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: RE: Any experience with CheckPoint VPN client getting through Cisco
> PIXfirewall?
> Date: Tue, 14 May 2002 16:00:40 +0200
>
> 1. Set your Checkpoint client to use UDP encapsulation mode.
>
> 2. Configure the PIX to have a static for the FW-1, and have an access
> list that permits UDP 2746 through to the FW-1 (and whatever other ACL
> stuff you may need).
>
> Done.
>
> All the other solutions involve using nat 0 on the PIX which, although
> it may work, isn't really recommended.
>
> Cheers,
>
> --
> Ben Nagy
> Network Security Specialist
> Mb: TBA PGP Key ID: 0x1A86E304
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, May 14, 2002 12:52 PM
> To: [EMAIL PROTECTED]
> Subject: Any experience with CheckPoint VPN client getting through Cisco
> PIXfirewall?
>
>
>
> Hi,
>
> The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on
> external network PCs to have them vpn through the remote network Cisco
> PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5).
>
> I'm lookiing for possible issues with encrypted CP packets getting
> through Cisco PIX firewall - any ideas, please ?
>
> Thanks,
> Artur
>
>
>
> --__--__--
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> For Account Management (unsubscribe, get/change password, etc) Please go to:
> http://lists.gnac.net/mailman/listinfo/firewalls
>
>
> End of Firewalls Digest
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> For Account Management (unsubscribe, get/change password, etc) Please go to:
> http://lists.gnac.net/mailman/listinfo/firewalls
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> For Account Management (unsubscribe, get/change password, etc) Please go to:
> http://lists.gnac.net/mailman/listinfo/firewalls
>
>
>
>
> *********************************************************
> * This email address does not wish to receive ANY *
> * unsolicited email. Anyone sending unsolicited email *
> * to this email address will be charged a US $50 fee. *
> * By obtaining and using this email address you *
> * agree to these terms. Failure to abide by this *
> * agreement will result a comlpaint being filed to *
> * the federal trade commission [EMAIL PROTECTED] *
> *********************************************************
>
>
> _________________________________________________________________
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> For Account Management (unsubscribe, get/change password, etc) Please go to:
> http://lists.gnac.net/mailman/listinfo/firewalls
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
