
VPN Connectivity.


lancelote

Programmer
Mar 17, 2004
25
FR
Hello,

I'm going to explain my problem to you. I've got 2 Nokia IP120 and Check Point NG AI.
I installed 2 FireWall-1 VPN-1 modules on each gateway and the management server on a local interface of one Nokia appliance. The second Nokia can be connected to the management server after putting a policy with static NAT of a public IP address on the local IP120 (Nokia).
After that, without VPN for now, I don't have the return of the logs coming from the remote IP120. Why, and how can I make it work?

All the configuration of the VPN options is good. IKE mode 3DES and SHA-1. I've tried so many things that the error doesn't come from this, even in the Global Properties. I think there is a special rule or a really special option to turn on, or something like that.
After that I tried Simplified mode and Traditional mode for VPN and I have almost the same error.
My main error when I set up my VPN (communities or traditional) is that when I ping from each side of the secure network I get the following error:
cannot calculate IKE Range
One difference is that when I'm in traditional mode and put the 2 IP120 in an encrypted rule, I can ping the local interface of each IP120 and the connection is encrypted. So I don't understand why it can't connect with the client on the VPN domain. Why, and how can I make it work?

I've contacted my reseller, which is a support expert, and they told me that it works in their lab.

Really really really really really really really need help!
I think someone must have had this problem to answer me!


LaNceLoT
 
OK, I have solved my problem by adding a virtual log server at the address of the static NAT of the real management server to have the return of the logs.

For the VPN, the problem is that the management server was not a part of the VPN domain. The VPN works fine with other machines. So to solve it I must make a group for the VPN domain that contains the virtual address of the management server.


Hope I can help somebody to solve something...


LaNceLoT
 