Still limiting, perhaps my present employer does not engage me in a security related manner and thus does not know my skills, or does not wish to endorse me as I took the cert as a means to increaase my potential, and not for this present employer. BNow licesned and certified, does this mean someone holding any old SANS cert can vouch also? Or are we limited to just the higher level SANS certs? someone with a fw1 cert can vouch? some MCSE? someone with soloaris certificartion? does not seem to be well defined here... Thanks, Ron DuFresne On Wed, 15 May 2002, Givens, Mike wrote: > Actually here is the exact statement: > > https://www.isc2.org/cgi-bin/content.cgi?page=171 > > "Beginning June 1, 2002, (ISC)2 is dividing the credentialing process into > two steps: examination and certification. The rules for examination remain > the same. Once a CISSP candidate has been notified of passing the > examination, he/she will be required to have the application endorsed by a > qualified third party before the CISSP credential is awarded. Another CISSP, > the candidate's employer, or any licensed, certified or commissioned > professional may endorse a CISSP candidate." > > Mike > > -----Original Message----- > From: Security Related [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 15, 2002 8:22 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: CISSP > > > That sounds like a bad idea, basically it means that > if you don't already know a CISSP (of which there are > not all THAT many), you are in a position of having > to convince someone who doesn't know you to vouch for > you. sounds great. Don't get me wrong, I like that > they want the cert to retain it's value I just don't > know that I like that method. > > ES > --- > ----Original Message Follows---- > From: "Bill Royds" <[EMAIL PROTECTED]> > To: "John Maestrale" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: RE: CISSP > Date: Tue, 14 May 2002 23:16:06 -0400 > > It may be of interest the (ISC)2, the CISSP certificate granting body, > intends to ask for an already certified CISPP to vouch for your experience > before granting you the certification. This will probably start as of June 1 > > this year. They are really tightening up the certification rules to make it > much more than a memory work exercise. > Bill Royds, CISSP > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of John Maestrale > Sent: Tue May 14 2002 16:27 > To: '[EMAIL PROTECTED]' > Subject: RE: CISSP > > > Don't bother with the classes they are horrible. Use the study guides from > SRVBOOKS. > > John Maestrale,SSCP > Network Engineer > National Board of Medical Examiners > email: [EMAIL PROTECTED] > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 14, 2002 2:34 PM > To: [EMAIL PROTECTED] > Subject: Firewalls digest, Vol 1 #763 - 19 msgs > > > Send Firewalls mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.gnac.net/mailman/listinfo/firewalls > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Firewalls digest..." > > > Today's Topics: > > 1. Re: CISSP (ecklesd) > 2. Re: CISSP (ecklesd) > 3. Any experience with CheckPoint VPN client getting through Cisco PIX > firewall? ([EMAIL PROTECTED]) > 4. NT Syslog client ([EMAIL PROTECTED]) > 5. Re: Any experience with CheckPoint VPN client getting through Cisco > PIXfirewall? (Mikael Olsson) > 6. RE: NT Syslog client (Clark, Steve) > 7. Re: Firewalls digest, Vol 1 #762 - 8 msgs (Guojia Zhang) > 8. Re: NT Syslog client (Mikael Olsson) > 9. Re: Logging to Ciscoworks (Mikael Olsson) > 10. Re: NT Syslog client (Bret Watson) > 11. Winroute Pro (Vishal Mukherjee) > 12. Re: CISSP ([EMAIL PROTECTED]) > 13. CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question > ([EMAIL PROTECTED]) > 14. CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question > ([EMAIL PROTECTED]) > 15. Re: Any experience with CheckPoint VPN client getting through Cisco > PIXfirewall? ([EMAIL PROTECTED]) > 16. RE: Any experience with CheckPoint VPN client getting through Cisco > PIXfirewall? (Ben Nagy) > > --__--__-- > > Message: 1 > From: "ecklesd" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: Re: CISSP > Date: Tue, 14 May 2002 06:33:27 -0400 > > Chris, > > You can get a copy of the Study Guide by going to > http://www.isc2.org/studyguide > > You will need to apply, but it does not cost anything. > > Lance > > ----- Original Message ----- > From: "Chris Orr" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, May 08, 2002 5:15 PM > Subject: CISSP > > > > I've been reading up on the CISSP. While I don't have the $$$$ to attend > classes, can some of you recommend some books that you have used to obtain > your designation. > > Thanks, > > Chris > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > For Account Management (unsubscribe, get/change password, etc) Please go > to: > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > --__--__-- > > Message: 2 > From: "ecklesd" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: Re: CISSP > Date: Tue, 14 May 2002 06:35:10 -0400 > > Actually checking that again I see that they have changed the process .. > here is the new link: > > https://www.isc2.org/cgi-bin/request_studyguide.cgi > > Lance > ----- Original Message ----- > From: "Chris Orr" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, May 08, 2002 5:15 PM > Subject: CISSP > > > > I've been reading up on the CISSP. While I don't have the $$$$ to attend > classes, can some of you recommend some books that you have used to obtain > your designation. > > Thanks, > > Chris > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > For Account Management (unsubscribe, get/change password, etc) Please go > to: > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > --__--__-- > > Message: 3 > To: [EMAIL PROTECTED] > Subject: Any experience with CheckPoint VPN client getting through Cisco PIX > firewall? > From: [EMAIL PROTECTED] > Date: Tue, 14 May 2002 12:52:15 +0200 > > This is a multipart message in MIME format. > --=_alternative 003B7ECCC1256BB9_= > Content-Type: text/plain; charset="us-ascii" > > Hi, > > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on > external network PCs to have them vpn through the remote network Cisco PIX > firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5). > > I'm lookiing for possible issues with encrypted CP packets getting through > Cisco PIX firewall - any ideas, please ? > > Thanks, > Artur > --=_alternative 003B7ECCC1256BB9_= > Content-Type: text/html; charset="us-ascii" > > > <br><font size=2 face="sans-serif">Hi,</font> > <br> > <br><font size=2 face="sans-serif">The idea is to install CheckPoint VPN-1 > SecureClients (v4.1 SP5 3DES) on external network PCs to have them vpn > through the remote network Cisco PIX firewall to our CheckPoint VPN-1/FW-1 > (currently version 4.1 SP5).</font> > <br> > <br><font size=2 face="sans-serif">I'm lookiing for possible issues with > encrypted CP packets getting through Cisco PIX firewall - any ideas, please > ?</font> > <br> > <br><font size=2 face="sans-serif">Thanks,<br> > Artur</font> > --=_alternative 003B7ECCC1256BB9_=-- > > --__--__-- > > Message: 4 > Subject: NT Syslog client > To: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > Date: Tue, 14 May 2002 12:25:13 +0100 > > Hi All, > I am still looking for an NT syslog client (preferably > "freeware")............. does anybody know of one ? > All I need to be able to do is to send a user-generated record to a syslog > server on another platform using port 514. > Thanks, Gordon > > > --__--__-- > > Message: 5 > Date: Tue, 14 May 2002 14:00:20 +0200 > From: Mikael Olsson <[EMAIL PROTECTED]> > Organization: Clavister AB > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: Any experience with CheckPoint VPN client getting through Cisco > > PIXfirewall? > > > [EMAIL PROTECTED] wrote: > > > > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on > > external network PCs to have them vpn through the remote network Cisco > > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5). > > > > I'm lookiing for possible issues with encrypted CP packets getting > > through Cisco PIX firewall - any ideas, please ? > > Two "if"s here: > - IF the pix is picky about layer size mismatches > and > - IF checkpoint still hasn't fixed their broken encapsulation, > > the problem is probably checkpoint encapsulation building b0rken > datagrams. I don't remember the specifics, but we got a support > case a while ago with someone running checkpoint VPNs through our > boxes, and having our stuff complain about layer size mismatches. > I think it was something like the IP header saying the datagram > had 1480 bytes IP data and the UDP header saying the total UDP > length was only 1472 bytes. (These two numbers should be identical). > > As I said, I'm not 100% sure about the specifics here. I could > go dig in the support DB if you need more info. > > /Mikael > > -- > Mikael Olsson, Clavister AB > Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com > > "Senex semper diu dormit" > > --__--__-- > > Message: 6 > From: "Clark, Steve" <[EMAIL PROTECTED]> > To: #Firewalls <[EMAIL PROTECTED]> > Subject: RE: NT Syslog client > Date: Tue, 14 May 2002 08:08:25 -0400 > > Kiwi Syslog is free. > > Steve Clark > Clark Systems Support, LLC > AVIEN Charter Member > "Who's watching your network?" > www.clarksupport.com > 301-610-9584 voice > 240-465-0323 Efax > > The data furnished in connection with this document is deemed by Clark > Systems Support, LLC., to contain proprietary and privileged information and > shall not be disclosed or used for the benefit of others without the prior > written permission of Clark Systems Support, LLC. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 14, 2002 7:25 AM > To: [EMAIL PROTECTED] > Subject: NT Syslog client > > Hi All, > I am still looking for an NT syslog client (preferably > "freeware")............. does anybody know of one ? > All I need to be able to do is to send a user-generated record to a syslog > server on another platform using port 514. > Thanks, Gordon > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > > --__--__-- > > Message: 7 > Subject: Re: Firewalls digest, Vol 1 #762 - 8 msgs > To: [EMAIL PROTECTED] > From: "Guojia Zhang" <[EMAIL PROTECTED]> > Date: Tue, 14 May 2002 08:09:19 -0400 > > > Hi, I'm trying to evaluate low-end models from NetScreen, Cisco, and > Nokia...as i'm new to firewalls, i would greatly appreciate some direction. > from a price/performance and managebility perspective, which would you > recommend. The network i have in mind is a headquarter LAN with 20 users, > one branch office with 6 users, and 4 telecommuters. Any good/bad > experiences with any vendor?? Thanks much. > > > --__--__-- > > Message: 8 > Date: Tue, 14 May 2002 14:12:36 +0200 > From: Mikael Olsson <[EMAIL PROTECTED]> > Organization: Clavister AB > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: NT Syslog client > > > > [EMAIL PROTECTED] wrote: > > > > I am still looking for an NT syslog client > > Netcat for win32 > Google for "nc.exe". > > just do: > echo "<n> My message" | nc 1.2.3.4 514 > > where n is the facility/precedence bitmask, which you > can look up in the syslog RFC (yes, they finally got > around to documenting it :)) > > > -- > Mikael Olsson, Clavister AB > Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com > > "Senex semper diu dormit" > > --__--__-- > > Message: 9 > Date: Tue, 14 May 2002 14:22:15 +0200 > From: Mikael Olsson <[EMAIL PROTECTED]> > Organization: Clavister AB > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: Logging to Ciscoworks > > > > [EMAIL PROTECTED] wrote: > > > > Using a script , syslog.conf, and "logger" there, I can get the data into > > the Ciscoworks syslog file ("syslog_info") but it doesn't have the right > > origin address, facility code, or severity level for Ciscoworks to pick > it > > up. > > Oh, that's what you meant by syslog client. (Sorry, I read your > messages in the wrong order.) > > Can't you just reformat the "syslog" data file using perl or gawk? > > The syslog format isn't _that_ advanced -- heck, even a regular > sed pattern ought to be able to fix your origin/facility/severity > strings. > > > -- > Mikael Olsson, Clavister AB > Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com > > "Senex semper diu dormit" > > --__--__-- > > Message: 10 > Date: Tue, 14 May 2002 20:34:42 +0800 > To: [EMAIL PROTECTED], [EMAIL PROTECTED] > From: Bret Watson <[EMAIL PROTECTED]> > Subject: Re: NT Syslog client > > Go to sourceforge.net - there is one there, though I can't remember exactly > the URL right now - we use it and it appears to be quite stable. > > Bret > > At 12:25 14/05/02 +0100, you wrote: > >Hi All, > >I am still looking for an NT syslog client (preferably > >"freeware")............. does anybody know of one ? > >All I need to be able to do is to send a user-generated record to a syslog > >server on another platform using port 514. > >Thanks, Gordon > > Technical Incursion Countermeasures www.ticm.com > The Insider www.ticm.com/info/insider > > > --__--__-- > > Message: 11 > From: Vishal Mukherjee <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Winroute Pro > Date: Tue, 14 May 2002 17:20:43 +0530 > > > > Hi all > No one talk of winroute pro? Is it outdateed or a very small firewall.. > > Regards > Vishal > > > Visit Our Cement Site at http://www.indorama.co.in > Our Software Site at http://www.irssl.com > > > > --__--__-- > > Message: 12 > Subject: Re: CISSP > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > Date: Tue, 14 May 2002 08:08:15 -0500 > > > Chris, > > I used the Information Security Handbook by Hal Tipton and Micki Kruse. > That was the only study material I used. There is also a study guide at > www.isc2.org. > > Regards, > Jeffery Gieser > > > > I've been reading up on the CISSP. While I don't have the $$$$ to attend > classes, can some of you recommend some books that you have used to obtain > your designation. > Thanks, > Chris > > > --__--__-- > > Message: 13 > To: [EMAIL PROTECTED] > Subject: CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question > From: [EMAIL PROTECTED] > Date: Tue, 14 May 2002 15:34:37 +0200 > > This is a multipart message in MIME format. > --=_alternative 004A5C83C1256BB9_= > Content-Type: text/plain; charset="us-ascii" > > Hi, > > Can you please pass any information on the throughput (both theoretical > and practical) of CheckPoint FireWall-1 (v.4.1) on Nokia's IP 440 and 530 > ? > > Many thanks, > Artur > > --=_alternative 004A5C83C1256BB9_= > Content-Type: text/html; charset="us-ascii" > > > <br><font size=2 face="sans-serif">Hi,</font> > <br> > <br><font size=2 face="sans-serif">Can you please pass any information on > the throughput (both theoretical and practical) of CheckPoint FireWall-1 > (v.4.1) on Nokia's IP 440 and 530 ?</font> > <br> > <br><font size=2 face="sans-serif">Many thanks,</font> > <br><font size=2 face="sans-serif">Artur</font> > <br> > --=_alternative 004A5C83C1256BB9_=-- > > --__--__-- > > Message: 14 > To: [EMAIL PROTECTED] > Subject: CheckPoint FireWall-1 (NG) on Nokia's IP 530 throughput question > From: [EMAIL PROTECTED] > Date: Tue, 14 May 2002 15:36:43 +0200 > > This is a multipart message in MIME format. > --=_alternative 004A8DA7C1256BB9_= > Content-Type: text/plain; charset="us-ascii" > > Hi, > > Can you please pass any information on the throughput (both theoretical > and practical) of CheckPoint FireWall-1 (NG) on Nokia IP 530 ? > > Many thanks, > Artur > > --=_alternative 004A8DA7C1256BB9_= > Content-Type: text/html; charset="us-ascii" > > > <br><font size=2 face="sans-serif">Hi,</font> > <br> > <br><font size=2 face="sans-serif">Can you please pass any information on > the throughput (both theoretical and practical) of CheckPoint FireWall-1 > (NG) on Nokia IP 530 ?</font> > <br> > <br><font size=2 face="sans-serif">Many thanks,</font> > <br><font size=2 face="sans-serif">Artur</font> > <br> > --=_alternative 004A8DA7C1256BB9_=-- > > --__--__-- > > Message: 15 > To: Mikael Olsson <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: Any experience with CheckPoint VPN client getting through Cisco > PIXfirewall? > From: [EMAIL PROTECTED] > Date: Tue, 14 May 2002 15:35:53 +0200 > > This is a multipart message in MIME format. > --=_alternative 004A79EBC1256BB9_= > Content-Type: text/plain; charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > Mikael, > > I'd really appreciate if you could confirm this - I really have to know if = > > I'm going to be successful with sending encrypted CP SecuRemote packets=20 > through Cisco PIX firewall before I deploy it. > > Thanks, > Artur > > > > > Mikael Olsson <[EMAIL PROTECTED]> > 05/14/2002 02:00 PM > > =20 > To: [EMAIL PROTECTED] > cc: [EMAIL PROTECTED] > Subject: Re: Any experience with CheckPoint VPN client > getti= > ng through Cisco=20 > PIXfirewall? > > > > [EMAIL PROTECTED] wrote: > > > > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on > > external network PCs to have them vpn through the remote network Cisco > > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5). > > > > I'm lookiing for possible issues with encrypted CP packets getting > > through Cisco PIX firewall - any ideas, please ? > > Two "if"s here: > - IF the pix is picky about layer size mismatches > and > - IF checkpoint still hasn't fixed their broken encapsulation, > > the problem is probably checkpoint encapsulation building b0rken > datagrams. I don't remember the specifics, but we got a support > case a while ago with someone running checkpoint VPNs through our > boxes, and having our stuff complain about layer size mismatches. > I think it was something like the IP header saying the datagram > had 1480 bytes IP data and the UDP header saying the total UDP > length was only 1472 bytes. (These two numbers should be identical). > > As I said, I'm not 100% sure about the specifics here. I could > go dig in the support DB if you need more info. > > /Mikael > > -- > Mikael Olsson, Clavister AB > Storgatan 12, Box 393, SE-891 28 =D6RNSK=D6LDSVIK, Sweden > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com > > "Senex semper diu dormit" > > > --=_alternative 004A79EBC1256BB9_= > Content-Type: text/html; charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > <br><font size=3D2 face=3D"sans-serif">Mikael,</font> > <br> > <br><font size=3D2 face=3D"sans-serif">I'd really appreciate if you could c= > onfirm this - I really have to know if I'm going to be successful with send= > ing encrypted CP SecuRemote packets through Cisco PIX firewall before I dep= > loy it.</font> > <br> > <br><font size=3D2 face=3D"sans-serif">Thanks,<br> > Artur</font> > <br> > <br> > <br> > <table width=3D100%> > <tr valign=3Dtop> > <td> > <td><font size=3D1 face=3D"sans-serif"><b>Mikael Olsson <mikael.olsson@c= > lavister.com></b></font> > <p><font size=3D1 face=3D"sans-serif">05/14/2002 02:00 PM</font> > <br> > <td><font size=3D1 face=3D"Arial"> </font> > <br><font size=3D1 face=3D"sans-serif"> To: &nbs= > p; [EMAIL PROTECTED]</font> > <br><font size=3D1 face=3D"sans-serif"> cc: &nbs= > p; [EMAIL PROTECTED]</font> > <br><font size=3D1 face=3D"sans-serif"> Subject:= > Re: Any experience with CheckPoint VPN client > g= > etting through Cisco PIXfirewall?</font></table> > <br> > <br> > <br> > <br><font size=3D2><tt>[EMAIL PROTECTED] wrote:<br> > ><br> > > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) = > on<br> > > external network PCs to have them vpn through the remote network Cisco= > <br> > > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5).= > <br> > ><br> > > I'm lookiing for possible issues with encrypted CP packets getting<br> > > through Cisco PIX firewall - any ideas, please ?<br> > </tt></font> > <br><font size=3D2><tt>Two "if"s here:<br> > - IF the pix is picky about layer size mismatches<br> > and<br> > - IF checkpoint still hasn't fixed their broken encapsulation,<br> > </tt></font> > <br><font size=3D2><tt>the problem is probably checkpoint encapsulation bui= > lding b0rken<br> > datagrams. I don't remember the specifics, but we got a support<br> > case a while ago with someone running checkpoint VPNs through our<br> > boxes, and having our stuff complain about layer size mismatches.<br> > I think it was something like the IP header saying the datagram<br> > had 1480 bytes IP data and the UDP header saying the total UDP<br> > length was only 1472 bytes. (These two numbers should be identical).<br> > </tt></font> > <br><font size=3D2><tt>As I said, I'm not 100% sure about the specifics her= > e. I could<br> > go dig in the support DB if you need more info.<br> > </tt></font> > <br><font size=3D2><tt>/Mikael<br> > </tt></font> > <br><font size=3D2><tt>--<br> > Mikael Olsson, Clavister AB<br> > Storgatan 12, Box 393, SE-891 28 =D6RNSK=D6LDSVIK, Sweden<br> > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05<br> > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com<b= > r> > </tt></font> > <br><font size=3D2><tt>"Senex semper diu dormit"</tt></font> > <br> > <br> > --=_alternative 004A79EBC1256BB9_=-- > > --__--__-- > > Message: 16 > From: "Ben Nagy" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: RE: Any experience with CheckPoint VPN client getting through Cisco > PIXfirewall? > Date: Tue, 14 May 2002 16:00:40 +0200 > > 1. Set your Checkpoint client to use UDP encapsulation mode. > > 2. Configure the PIX to have a static for the FW-1, and have an access > list that permits UDP 2746 through to the FW-1 (and whatever other ACL > stuff you may need). > > Done. > > All the other solutions involve using nat 0 on the PIX which, although > it may work, isn't really recommended. > > Cheers, > > -- > Ben Nagy > Network Security Specialist > Mb: TBA PGP Key ID: 0x1A86E304 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, May 14, 2002 12:52 PM > To: [EMAIL PROTECTED] > Subject: Any experience with CheckPoint VPN client getting through Cisco > PIXfirewall? > > > > Hi, > > The idea is to install CheckPoint VPN-1 SecureClients (v4.1 SP5 3DES) on > external network PCs to have them vpn through the remote network Cisco > PIX firewall to our CheckPoint VPN-1/FW-1 (currently version 4.1 SP5). > > I'm lookiing for possible issues with encrypted CP packets getting > through Cisco PIX firewall - any ideas, please ? > > Thanks, > Artur > > > > --__--__-- > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > > > End of Firewalls Digest > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > ********************************************************* > * This email address does not wish to receive ANY * > * unsolicited email. Anyone sending unsolicited email * > * to this email address will be charged a US $50 fee. * > * By obtaining and using this email address you * > * agree to these terms. Failure to abide by this * > * agreement will result a comlpaint being filed to * > * the federal trade commission [EMAIL PROTECTED] * > ********************************************************* > > > _________________________________________________________________ > Send and receive Hotmail on your mobile device: http://mobile.msn.com > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
