Can Linksys BEFVP41 support a Site to Site VPN ?
Try enable/Disable "Support Key exchange for Subnets" on the Advance VPN
properties in the Interoperable Devices Definition on your Checkpoint FW....
If you still having problem then Search on Checkpoint on how to disable
"Super netting"...that can also be a possible cause.
This page configures advanced VPN properties.
Supply key exchange for subnets
The IKE protocol can negotiate keys and a Security Association (SA) for
networks or subnets. If this feature is disabled, a Net Mask of
255.255.255.255 is employed. The Gateway and its peers negotiate a special
SA for every host located behind the Gateway. If enabled, the Gateway and
its peers search for a Net Mask that includes as many hosts as possible that
belong to the VPN domain. If a single inclusive Net Mask cannot be found,
the peers employ a number of Net Masks. This way the number of Security
Associations is kept to a minimum
Copyright (c) Check Point Software
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
Alejandro
Martinez
Sent: Friday, January 28, 2005 2:23 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] VPN setup between FW1 and Lynksys
I have a problem with VPN setup between my FW1 NG R55 and the client
Lynksys BEFVP41
(domain encrypt)<-> FW1<-> Internet <-> Lynksys <-> Lynksys Net
The problem is that the vpn only works when I configure just only one
host in REMOTE GROUP on the Lynksys BEFVP41 client
I need to reach all the networks (domain encrypt) behind checkpoint from
Lynksys not only a host. But if I try with networks, subnetworks in
Lynksys it does not work.
Thanks in advance,
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
