First, thanks for the reply.
We have now enabled accepting the DAIP DHCP traffic via an implied rule,
but it doesn't work.
Just to be sure, should we be able to establish the vpn to a dynamic
ip edge, or am I informed incorrectly? It was THE reason why we decided
to go for the edge boxes.
In my opinion it shouldn't be a problem, especially because the edge
always establishes a connection to the smartcenter to look for updates.
Alex
>Date: Thu, 24 Mar 2005 19:51:52 -0500
>From: Ray <sixsigma44 AT HOTMAIL DOT COM>
>Subject: Re: VPN1 Edge - R55 Site to Site VPN
>I thought the DAIP part worked by running a dynamic DNS server on the
>main (static IP) gateway. Do you have the global property (or maybe it's an
>implied rule) set to accept traffic from DAIP objects?
>Ray
>>From: "Brisbine, Geoff" <GeoffBrisbine AT MI-ASSISTANT DOT COM>
>>Reply-To: Mailing list for discussion of Firewall-1
>><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>>Subject: Re: [FW-1] VPN1 Edge - R55 Site to Site VPN
>>Date: Thu, 24 Mar 2005 11:26:25 -0600
>>
>>It seems like that's the nature of the beast with dynamically assigned
>>IP addresses.
>>
>>It doesn't appear that it wants a FQDN in the IP address field in
>>SmartDashboard or you could use a DynDNS-type service.
>>
>>Would it be feasible to have a background process running on a server
>>at the remote location that would simply ping the internal address of the
>>gateway every X seconds or X minutes to keep the tunnel up?
>>
>>-----Original Message-----
>>From: Mailing list for discussion of Firewall-1
>>[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of alex
>>Sent: Thursday, March 24, 2005 9:01 AM
>>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>>Subject: [FW-1] VPN1 Edge - R55 Site to Site VPN
>>
>>Hi,
>>
>>we want to place several edge boxes on remote sites.
>>during test we found a problem: the edge is at adsl line and has
>>dynamic ip address.
>>we can establish a tunnel towards the central site without any problem
>>but we are not able to establish the tunnel from the central site to
>>the edge box.
>>the edge box and the central gateway are placed in a star community
>>and use certificates for the tunnel, the vpn domain for the edge is
>>defined as the private network behind the box.
>>in smartview tracker the following message is displayed, if we try to
>>establish the tunnel (https connect to private ip of the box)
>>
>>"IKE: Main Mode cannot initiate negotiation with a DAIP object"
>>
>>edge firmware 5.0.57
>>central site: vpn1 r55 hfa 08
>>
>>any tip would be appreciated.
>>
>>regards,
>>Alex