If it is a non fw1 product, it needs to be set in traditional mode.
I have found it better to set up a VPN in traditional mode if the
firewalls are pre- NG.
Regards
Neil Kemp
Security Consultant
Business Sense IT Ltd
_____
Suite 296, 17 Holywell Hill,
St Albans, AL1 1DT.
Å
+44 (0) 8700 201694
Ë
+44 (0) 7958 545129
Ê
07092 153679
+
Neil.Kemp AT BusinessSense.co DOT uk
"
http://www.businesssense.co.uk
http://www.secureadvice.co.uk
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of rif raf
Sent: 07 August 2003 20:48
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1]
We are in the process of setting up a site-to-site vpn between our NG
FP2
and an externally managed V4.1.
Firstly, I need to check with the other folks on what is the difference
creating a policy in simplified and traditional modes.
Using traditional mode, stuff like "support aggressive mode" can be set
under the IKE/Advanced option.
However, this is not possible under simplified mode when the
firewall/vpn
object is attached to the vpn community.
Using simplified mode, the initial error encountered was "aggressive
mode
not supported". I have to set ike_p1_use_aggressive to true in
objects_5_0.C
file and this error was not seen further. But the next error encountered
was
"proposal not chosen". We finally decided to go back to traditional mode
but
is there a utility to move all the rules from simplified mode to
traditional
mode?
If simplified mode is the way to go in the future, what about
site-to-site
with non-checkpoint vpn products?
TIA.
Rif
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
