Tunnel negotiation fails over VPN.

maliklahore

Distinguished
Feb 9, 2007
Hi, can you please help me with this issue.

Currently the customer has a number of site-to-site VPN tunnels, some going to Checkpoint nodes and some to Openswan nodes.

One of the VPN termination devices is being changed to a racoon Linux-based firewall, and because of the way the customer's Checkpoint has been configured there is a mismatch between the peer ID and the peer IP, and therefore tunnel negotiation fails. Openswan can be configured to accept a different peer ID, which is usually the peer IP, but racoon cannot be reconfigured in this way.

The relevant link, http://www.fw-1.de/aerasec/ng/vpn-racoon/CP-VPN1-NG-Linux-racoon-gateway.html, looks fine and shows how to set up the VPN tunnel, but the problem we are having is that the Checkpoint is configured with the internal IP in the node object and is therefore sending this IP as the peer ID, while racoon is expecting the public IP, and therefore the tunnel is not being created.

My question is: if we change this internal IP in the node object to the external IP, will it then send this external IP as the peer ID?

Please advise.

Malik.

erman

Distinguished
Aug 5, 2004
Did you try to configure a manual VPN instead?
I had a problem similar to yours and I solved it this way.