Here is my setup/problem.
I am new to Checkpoint and Nokia, so bear with me.
I have u-1 and u-2, both are Checkpoints set up on Nokias at one office, and h-1 and h-2, Checkpoints set up on Nokias at another office.
I have a VPN set up between u-2 and h-2 (these are VPNs set up THROUGH Voyager/Nokia, NOT VPN-1). I have a couple of sensors at the "u" office that need to talk to a server at the "h" office. The server at the "h" office has a routable IP address, the sensors have a private.
The packet leaves through u-2 (through the VPN, I think (is there a way to see what packets go through the VPN?)) but the packet enters the h-1 (which doesn't make sense to me because the VPN is on h-2, unless the packet went through the internet). It hits the server and leaves through h-2 and gets dropped (because of the state table entries and all that)... I know why it gets dropped, I don't understand why it is taking the path it is.
Two things here: The reason I think the packet is passing through the VPN is because on the h-2 logs, it shows the sensor's name; if it came through the internet then I would imagine it would show a NATed IP address of the sensor, not the name.
The second thing is, IF it is going through the VPN, why is it showing up as originating from h-1, when h-2 is the box that has the Nokia VPNs set up on it?
I am sure I am missing something on how the Checkpoint/Nokia treats packets.
A question I do have is, when the sensor tries to talk to the server, and the server has a routable IP address, does u-2 automatically think that it should route it through the internet without looking at the VPNs?
Does this make any sense? hehe
If anyone can help me that would be great.
Thanks,
Heapster