Hello Experts,
I am trying to configure an environment with IKE encryption between two LANs (I am using CheckPoint FW-1 NG with Service Pack 6 on Windows NT 4.0 Server). When I try to access the Web Server which is located at the other LAN, the packets has to be transmitted from my LAN through the Firewall and go through the firewall of the destination LAN.
The configuration itself seem to be correct, but what I get, is that the packets are encrypted by my firewall but are not decrypted by the remote firewall. The same happens, if one tries to access my web server from the remote LAN.
When I fwstopped and fwstarted the firewall on both sides, I get "Key install - internal_ca: started" message. When I try to access the web site of the remote site, then I get following messages:
key install - fwsource fwdestination IKE: Aggressive Mode completion
key install - fwsource fwdestination IKE: Quick Mode completion.
And then: encrypt http fwsource fwdestination #
So all seem to be configured well, but the only message I am missing is:
decrypt http fwsource fwdestination #
So I cannot access the Web site of the remote site. Is someone, who encountered the same problem?
Any hint will highly be appreciated. Thanks a lot in advance!
Yasushi Kono (CCSA NG)
I am trying to configure an environment with IKE encryption between two LANs (I am using CheckPoint FW-1 NG with Service Pack 6 on Windows NT 4.0 Server). When I try to access the Web Server which is located at the other LAN, the packets has to be transmitted from my LAN through the Firewall and go through the firewall of the destination LAN.
The configuration itself seem to be correct, but what I get, is that the packets are encrypted by my firewall but are not decrypted by the remote firewall. The same happens, if one tries to access my web server from the remote LAN.
When I fwstopped and fwstarted the firewall on both sides, I get "Key install - internal_ca: started" message. When I try to access the web site of the remote site, then I get following messages:
key install - fwsource fwdestination IKE: Aggressive Mode completion
key install - fwsource fwdestination IKE: Quick Mode completion.
And then: encrypt http fwsource fwdestination #
So all seem to be configured well, but the only message I am missing is:
decrypt http fwsource fwdestination #
So I cannot access the Web site of the remote site. Is someone, who encountered the same problem?
Any hint will highly be appreciated. Thanks a lot in advance!
Yasushi Kono (CCSA NG)