From: Stala <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Edge setup - getting close!
Date: Tue, 29 Jun 2004 23:06:05 -0400
I am running version 4.0.85x
hardware version is 1.0
I am getting a 1 way encryption domain, I have the encryption domain set to
a network object in the firewall, In the LSM I have the vpnedge object with
an encryption range set in it.
I can get traffic to encrypt from the edge box to the Nokia but not back to
the edge box, I get an error that there is a translation error. and it is
dropping it.
----- Original Message -----
From: "Ray" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 24, 2004 11:06 PM
Subject: Re: [FW-1] Edge setup - getting close!
Yeah, I saw some of that also until I got it managed by the SmartCenter
server. I'm going to add its encryption domain to our network monitoring
system and ping it every minute to get a better feel for what's going on.
I was seeing continuous traffic flow from the Edge encryption domain but
the
reverse was what was intermittent. Oddly, one of my internal subnets could
ping it all the time but a couple others couldn't do it and I was seeing a
"no valid SA" message in the log from those subnets.
In other words, some subnets were two-way and others were one-way,, from
the
Edge to them but not back.
What firmware version are you on?
Ray
>From: Stala <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1
><[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: [FW-1] Edge setup - getting close!
>Date: Thu, 24 Jun 2004 20:57:44 -0400
>
>I keep getting a problem with the encryption domain going away, the
tunnel
>is still up but no traffic will flow and then for no reason at all the
>traffic starts flowing again, Lots more testing will need to be done....
>----- Original Message -----
>From: "Ray" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, June 24, 2004 4:50 PM
>Subject: Re: [FW-1] Edge setup - getting close!
>
>
>Nothing personal, Chris, but I hope that's wrong... :-)
>
>Although I was leaning as to that being the answer. <sigh>
>
>Ray
>
>
> >From: Chris Hoff <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: [FW-1] Edge setup - getting close!
> >Date: Thu, 24 Jun 2004 10:51:59 -0500
> >
> >In order to route all traffic through the vpn, you have to be using a
> >star community and check the radio button to route all traffic through
> >the hub.
> >
> >Regards,
> >
> >Chris
> >
> >-----Original Message-----
> >From: Mailing list for discussion of Firewall-1
> >[mailto:[EMAIL PROTECTED] On Behalf Of Ray
> >Sent: Wednesday, June 23, 2004 10:05 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: [FW-1] Edge setup - getting close!
> >
> >Turns out it is, although not as fast as I thought it would. It's not
> >logging traffic coming in via the VPN, just stuff trying to go to
> >targets outside of the primary gateway VPN Dmain, which it is showing
as
> >"accept"
> >and not "encrypt".
> >
> >So I'm back to my original quandry of how to make it route eveything
> >down the VPN. Is this just not possible in a mesh VPN or could it be
> >done with a static route somehow?
> >
> >I dunno...
> >
> >Ray
> >
> > >From: Ray <[EMAIL PROTECTED]>
> > >Reply-To: Mailing list for discussion of Firewall-1
> > ><[EMAIL PROTECTED]>
> > >To: [EMAIL PROTECTED]
> > >Subject: [FW-1] Edge setup - getting close!
> > >Date: Wed, 23 Jun 2004 19:49:29 -0400
> >
> > >Second problem: How do I get the Edge box to send its logs to the
> > >SmartCenter server? I can't see that it's doing that.
> >
> >_________________________________________________________________
> >Make the most of your family vacation with tips from the MSN Family
> >Travel Guide! http://dollar.msn.com
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages, send an email to
> >[EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your subscription options,
> >email [EMAIL PROTECTED]
> >=================================================
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>
>_________________________________________________________________
>Is your PC infected? Get a FREE online computer virus scan from McAfeeŽ
>Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfeeŽ
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
