List Info

Thread: Re: ike and NAT
Re: ike and NAT
country flaguser name
United States		 2008-02-25 08:46:32 
Scott Tobias a écrit :
> Have you tried setting the link selection on the
insides firewall to use the
> NAT address ?
>
>   
the firewall is not part of this vpn, so the link selection
is not 
relevant.
it should only pass and NAT ike traffic before check for a
vpn definition.

> -Scott
>   



Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
Re: ike and NAT
country flaguser name
United States		 2008-02-25 09:30:45 
How do you have the remote gateway object defined? If you
have it defined as a VPN object then your gateway gets an
IKE packet from the remote end and tries to process it as if
where a VPN peer, this object should be defined as a host.
Also to note, if you are doing hide nat with the internal
VPN device both ends must agree to do NAT-T or other type of
encapsulation, or you could static NAT the internal host to
get ESP working.

-GS

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of pkc_mls
Sent: Monday, February 25, 2008 9:47 AM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] ike and NAT

Scott Tobias a écrit :
> Have you tried setting the link selection on the
insides firewall to use the
> NAT address ?
>
>   
the firewall is not part of this vpn, so the link selection
is not 
relevant.
it should only pass and NAT ike traffic before check for a
vpn definition.

> -Scott
>   



Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )