In network address translation policy, add the following rules:
NET-A>>>NET-B>>ANY>>ORIGINAL
NET-B>>>NET-A>>ANY>>ORIGINAL
Do it on both firewalls.
When the IPSEC tunnel is established, no NAT needs to be done on either side of the tunnel, because all the IP headers from the internal networks are encapsulated in the gateway's external IP address.
HTH
Michael.


-----Original Message-----
From: Mick Gunter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 21, 2001 8:31 PM
To: [EMAIL PROTECTED]
Subject: [FW1] problem with IKE vpn



Hello,

Am working on setting up a point to point IKE VPN between two Nokia IP330
boxes. Both are VPN-1 4.1 SP2.

After configuring both sides for VPN, I can originate communication from
site A to site B but not from Site B to site A.

The curious thing in the logs is that on site A (the site that seems to
work) when I ping site B the log records the actual (invalid) IP addresses
for both the source and destination node.

On site B (the site that doesn't work) the log file records the external if
of site A's firewall.

I have hide NAT configured for both internal network subnets.

thanks in advance for assistance,
Mick


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
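
Added example, not part of the original thread and not Check Point code: a small first-match NAT model showing why the two NET-A/NET-B rules with ORIGINAL translation keep tunnel traffic inside the encryption domain while hide NAT still applies to everything else. The addresses, the placement of the exemption rules above the hide rule, and the translate-then-encrypt order are assumptions of this sketch.

```python
import ipaddress

# Constructed sample values (not from the thread).
NET_A = ipaddress.ip_network("10.1.0.0/24")
NET_B = ipaddress.ip_network("10.2.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
FW_A_EXT = ipaddress.ip_address("192.0.2.1")  # site A firewall, external address

# Rule = (source, destination, translated source); None stands for ORIGINAL.
HIDE_ONLY = [(NET_A, ANY, FW_A_EXT)]
# Assumption: the exemption rules sit above the hide rule (first match wins).
WITH_EXEMPTION = [(NET_A, NET_B, None), (NET_B, NET_A, None)] + HIDE_ONLY


def translate_source(rules, src, dst):
    """Return the source address after the first matching NAT rule."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, xlate in rules:
        if src in rule_src and dst in rule_dst:
            return str(src if xlate is None else xlate)
    return str(src)  # no rule matched: packet leaves untranslated


def in_vpn_domain(src, dst):
    """True when both ends fall inside the NET-A/NET-B encryption domains."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (src in NET_A and dst in NET_B) or (src in NET_B and dst in NET_A)


def site_a_outbound(rules, src, dst):
    """Model of site A's gateway: translate first, then decide whether the
    packet still belongs to the tunnel (ordering is an assumption here)."""
    new_src = translate_source(rules, src, dst)
    return new_src, in_vpn_domain(new_src, dst)


if __name__ == "__main__":
    for name, rules in (("hide NAT only", HIDE_ONLY),
                        ("with no-NAT rules", WITH_EXEMPTION)):
        print(name, "-> site B:", site_a_outbound(rules, "10.1.0.10", "10.2.0.20"))
        print(name, "-> internet:", site_a_outbound(rules, "10.1.0.10", "198.51.100.7"))
```

With only the hide rule, the peer sees the firewall's external address as the source, which is the kind of log entry described in the question.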

