You can only create a traditional mode site-to-site VPN from a NG to 4.1
firewall.
Thank You,
Jeffrey Larson
Senior LAN Technician
Michigan Millers Mutual Ins.
(517) 371-7726
CCNA Network+
<mailto:jlarson AT mimillers DOT com>
############################################################################
###############################
This e-mail and any files transmitted with it may contain confidential
and/or proprietary information. It is intended solely for the use of the
individual or entity who is the intended recipient. Unauthorized use of this
information is prohibited. If you have received this in error, please
contact the sender by replying to this message and delete this material
from any system it may be on.
############################################################################
#################################
-----Original Message-----
From: rif raf [mailto:rifraf2002 AT HOTMAIL DOT COM]
Sent: Thursday, August 07, 2003 3:48 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1]
We are in the process of setting up a site-to-site vpn between our NG FP2
and an externally managed V4.1.
Firstly, I need to check with the other folks on what is the difference
creating a policy in simplified and traditional modes.
Using traditional mode, stuff like "support aggressive mode" can be set
under the IKE/Advanced option.
However, this is not possible under simplified mode when the firewall/vpn
object is attached to the vpn community.
Using simplified mode, the initial error encountered was "aggressive mode
not supported". I have to set ike_p1_use_aggressive to true in objects_5_0.C
file and this error was not seen further. But the next error encountered was
"proposal not chosen". We finally decided to go back to traditional mode but
is there a utility to move all the rules from simplified mode to traditional
mode?
If simplified mode is the way to go in the future, what about site-to-site
with non-checkpoint vpn products?
TIA.
Rif
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
