Hello,
I am having a problem setting up a LAN-to-LAN VPN using SKIP. Both firewalls
are v4.1, running on NT 4.0 sp6. Both firewalls are using automatic hide
NAT. After configuring the VPN, I am unable to ping or connect to resources
from internal to internal network, and I do not see any encryption occurring
in the log. I do get the following error "Encryption failure: gateway
connected to both endpoints scheme: SKIP". NAT to the internet is
functioning properly at both sites. I am able to successfully generate and
pull the encryption keys.
Here is the configuration:
netA --- (le0) firewallA (le1) -- internet --- (le0) firewallB (le1) -- netB
netA is private: 192.168.0.0
le0: is 192.168.0.1
le1: is 209.219.110.130
netA objects:
netAfw - local firewall object
netBfw - remote firewall object
netA-net - local network object
network: 192.168.0.0
netB-net - remote network object
network: 192.168.1.0
encryption rule on firewallA:
netA-net netB-net any encrypt long gateway all
netB-net netA-net any encrypt long gateway all
netB is private: 192.168.1.0
le0: 192.168.1.1
le1: 24.9.197.124
netB objects:
netBfw - local firewall object
netAfw - remote firewall object
netB-net - local network object
netA-net - remote firewall object
encryption rule on firewallB:
netB-net netA-net any encrypt long gateway all
netA-net netB-net any encrypt long gateway all
on firewallA: address translation
automatic hide: 192.168.0.0 -> 209.219.110.130
on firewallB: address translation
automatic hide: 192.168.1.0 -> 24.9.197.124
Am I missing something? What should my encryption domains contain to account
for the NAT? Do I need any other rules?
Thanks for any help!
Jeff Blada, MCSE, CCA, CCNA
Senior Network Technician
Agility Computer Network Services, L.L.C.
312-587-9894