Do you have the remote gateway defined has a VPN object or a host? -GS
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of pkc_mls Sent: Friday, February 22, 2008 10:59 AM To: [email protected] Subject: [FW-1] ike and NAT hi all, I'd like to NAT ike packets on a gateway that is configured as VPN gateway. here is the config. my checkpoint ngx r62 is configured as VPN gateway. I'd like to use another VPN gateway on my internal network to build a site to site to a remote gateway (none of those are checkpoints). the issue is that the internal gateway sends correctly the ike, which are translated and forwarded to the remote one. but the replies comes to the checkpoint who takes the returning packets for himself, and smartview tracker shows the following : Interface: daemon Origin: fw-msc Type: Log Action: Key Install Source: mycheckpointfw Destination: remote_gw Encryption Scheme: IKE VPN Peer Gateway: remote_gw Subproduct: VPN VPN Feature: IKE Information: IKE: Main Mode Sent Notification to Peer: unsupported exchange type I already tried to modify the NAT, (ie uncheck the "translate on client side") without success. has anyone ever managed to have such a config works ? the vpn is initiated from the internal network. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
