FW: 4.1 SP3 will support IKE replies from the Cluster IP Address
Nimesh Vakharia
nvakhari at GENX.NET
Sat Mar 3 03:18:56 EST 2001
I don't know if this has been bought up already.. but FYI:
The Checkpoint cluster interoperability issues has been resolved.
-----Original Message-----
From: Kaplan Marc (NIC-USEast/Boston)
Sent: Wednesday, February 14, 2001 9:23 PM
To: Cardinal William (NIC-USEast/Boston)
Cc: nvakhari at hotjobs.com
Subject: FW: 4.1 SP3 will support IKE replies from the Cluster IP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is a interoperability problem between Check Point's and other
vendors' implementation of IPSec/IKE. The problem arises when using
the Gateway Cluster object and the remote side of the VPN is
instructed to attempt a connection to the Gateway Cluster and then
gets a reply back from the real IP Address of the local firewall.
Resolution 4772 documents the change to objects.C which forces
FireWall-1 to use the Gateway Cluster IP address in the SRC field of
the packet.
This method has been added to Resolution 1265, which documents
numerous changes you can make to objects.C
These changes are also part of the 4.1 Advanced Trouble Shooting
Guide, which can be found in the Documentation->Check Point section
of SE Source.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOotLi6J4oUwDW9gdEQKxRwCeKVR5Ut09jinqAWM4FkC9+1W3xboAn3Nt
KDW0s/hJfvPJr0wDF59x64OG
=W14p
-----END PGP SIGNATURE-----
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list