hi,

do you see drops between your firewall and the remote vpn gateway?

what you can check
- IKE allowed?
- NAT-T needed?
- ESP allowed?

in your VPN community - please define the group "IPsec" as excluded services

br
reinhard

At 08:28 08.05.2008, you wrote:
Hello Friends,

I tried to implement a VPN connect using explicitly defined Firewall Rules.

Ok, the fw1 establishes an implied rule containing the ESP packets.

But defining the necessary IKE rule explicitly failed. On the other hand, activating the implied rule containing an equivalent IKE rule works.

Any idea what the difference between the implied IKE rule and an explicitly defined rule is?

Regards
Burkhard

Burkhard Trinder
Security Design

HVB Information Systems Gmbh
Member of UniCredit Group

Am Tucherpark 12
D-80538 Muenchen

Tel.:  +49-89/378-24286
Fax.: +49-89/378-33-24286
EMail: [EMAIL PROTECTED]

Management: Gabriele Ruf, Klaus Rausch
Chairman Supervisory Board: Matthias Sohler
Legal form: GmbH, registered office: München, register court: local court München HR B 93804, tax number 143/102/30007





Scanned by Check Point Total Security Gateway.


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

--
Reinhard Stich          [EMAIL PROTECTED]
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
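
The three checks from the reply above (IKE, NAT-T, ESP), run over an exported drop log. This is an added example, not part of the original thread and not Check Point code. The CSV layout, the function names and the sample lines are constructed for illustration, with documentation addresses standing in for the two gateways; the port and protocol numbers are the standard assignments.

```python
import csv
import io
from collections import Counter

# Standard assignments for the three traffic classes in the checklist.
UDP, ESP_PROTO = 17, 50
IKE_PORT, NATT_PORT = 500, 4500

# Constructed sample log: action,src,dst,ip_proto,dport (hypothetical layout,
# not a FireWall-1 log format). ESP has no ports, so dport is empty.
SAMPLE_LOG = """\
drop,192.0.2.10,198.51.100.20,17,500
drop,192.0.2.10,198.51.100.20,17,500
accept,198.51.100.20,192.0.2.10,50,
drop,198.51.100.20,192.0.2.10,17,4500
drop,192.0.2.10,203.0.113.5,17,500
drop,192.0.2.10,198.51.100.20,6,443
"""

def classify(ip_proto, dport):
    """Map a packet to IKE / NAT-T / ESP, or None if it is not IPsec traffic."""
    if ip_proto == UDP and dport == IKE_PORT:
        return "IKE"
    if ip_proto == UDP and dport == NATT_PORT:
        return "NAT-T"
    if ip_proto == ESP_PROTO:
        return "ESP"
    return None

def ipsec_drops(log_text, gw_a, gw_b):
    """Count dropped IPsec packets between the two gateways, per class and direction."""
    peers, counts = {gw_a, gw_b}, Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        action, src, dst, proto, dport = row
        if action != "drop" or {src, dst} != peers:
            continue  # only drops between the two VPN peers matter here
        kind = classify(int(proto), int(dport or 0))
        if kind:
            counts[(kind, src, dst)] += 1
    return counts

def failed_checks(log_text, gw_a, gw_b):
    """Names of the checklist items that show at least one drop."""
    return sorted({kind for kind, _, _ in ipsec_drops(log_text, gw_a, gw_b)})

if __name__ == "__main__":
    for key, n in ipsec_drops(SAMPLE_LOG, "192.0.2.10", "198.51.100.20").items():
        print(key, n)
```
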
