You cannot use a VPN community object in the
rulebase if you have an edge device. You have to use the implicit VPN rule
(checkbox in the community object).
Having fought this battle yesterday, I can assure you that you can use a
community object in the rule base. The way to get it to work is to change
the "Install On" column from "* Policy Targets" to the actual gateway that
the rule applies to.
When I had it as * Policy Targets, I got an error on Verify for every rule
that had a VPN Community specified in the "if via" column, even though they
were different communities.
Ray