 | ||
 Wrong FW source IP for encrypted packets | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2005-08-13 | |||
| |||
 Wrong FW source IP for encrypted packets Wrong FW source IP for encrypted packets VPN-1/FW-1 4.1 SP3 and later changed the default behavior for assigning the source IP address for encrypted packets. Prior to 4.1 SP3, encrypted packets would use the firewall IP address listed in the firewall object's General tab. Answer -------------------------------------------------------------------------------- See SettingUpHighlyAvailableVPNs to use the cluster object (if you have a cluster) IP. For a stand-alone firewall, the property is IPSec_main_if_nat. Follow the instructions on the page referenced below. Use this property in place of IPSec_cluster_nat to restore the old default behavior. Note that this is per gateway object and not a global property. It works in 4.1 SP4 and above. I've used this on 4.1 SP6/Solaris and NG FP2/Nokia. -------------------------------------------------------------------------------- References -------------------------------------------------------------------------------- Nokia Knowledge Base Resolution 7712 CheckPoint SecureKnowledge Solution IDs skI3306, sk5406 EditingObjectsDotC SettingUpHighlyAvailableVPNs -- RobertGraham - 07 Jan 2004 FAQForm FAQs.Class: EncryptionFAQs FAQs.OS: OsNokiaIPSO FAQs.Version:  |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
