2006-09-26
Tetaworx
Re: IP address for Firewall Object

Hello,

Are you using site2site VPNs with a FW-1 gateway with an internal IP defined?

We're also using the internal IP for the firewall(-cluster-)object and have had no problems with that until now.

But now we have a problem with a remote site2site VPN, because our gate uses the internal IP as ID in the IPSec negotiation. The remote partner of course does not recognize this internal IP and sends an

"Notify Payload

Next Payload: NONE
Reserved: 0
Length: 00 1c (28)
DOI: 00 00 00 00 (0)
ProtID: 1
SPI Size: 16
Notify Type: 18 (INVALID-ID-INFORMATION)
SPI:
ef a0 bb b4 2f 0b 0a 8c f3 d5 90 69 23 84 ea
62 "

Has anyone ever had this problem, too?

Thanks in advance,

Dennis Breithaupt
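Added example, not part of the original post: a small decoder for the ISAKMP Notification payload layout from RFC 2408 section 3.14, run over bytes constructed from the field values quoted in the post above. The names parse_notify, SAMPLE and NOTIFY_TYPES are made up for this illustration, and the notify type table is only a subset.

```python
import struct

# Subset of the ISAKMP notify error types from RFC 2408, section 3.14.1.
NOTIFY_TYPES = {
    14: "NO-PROPOSAL-CHOSEN",
    17: "INVALID-KEY-INFORMATION",
    18: "INVALID-ID-INFORMATION",
    24: "AUTHENTICATION-FAILED",
}

# Constructed sample: generic header, DOI, protocol ID, SPI size and
# notify type as quoted in the post, followed by the 16 SPI bytes.
SAMPLE = bytes.fromhex(
    "0000001c" "00000000" "01" "10" "0012"
    "efa0bbb42f0b0a8cf3d590692384ea62"
)

def parse_notify(buf):
    """Decode one ISAKMP Notification payload into a dict."""
    if len(buf) < 12:
        raise ValueError("shorter than the fixed 12-byte notify header")
    (next_payload, _reserved, length, doi,
     proto_id, spi_size, ntype) = struct.unpack("!BBHIBBH", buf[:12])
    # The length field covers the whole payload, header included.
    if length < 12 or length > len(buf):
        raise ValueError("payload length field does not fit the buffer")
    if 12 + spi_size > length:
        raise ValueError("SPI size runs past the end of the payload")
    return {
        "next_payload": next_payload,
        "length": length,
        "doi": doi,
        "proto_id": proto_id,
        "spi_size": spi_size,
        "notify_type": ntype,
        "notify_name": NOTIFY_TYPES.get(ntype, "UNKNOWN"),
        "spi": buf[12:12 + spi_size].hex(),
        # Anything after the SPI is optional notification data.
        "data": buf[12 + spi_size:length],
    }

if __name__ == "__main__":
    for key, value in parse_notify(SAMPLE).items():
        print(f"{key}: {value}")
```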