Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] VPN1 Edge - R55 Site to Site VPN

from Ray [Permanent Link]
Subject: Re: [FW-1] VPN1 Edge - R55 Site to Site VPN
From: Ray <sixsigma44 AT HOTMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 29 Mar 2005 22:35:37 -0500 
That was my understanding as well. Perhaps the first or last link on this
page can shed some light:
http://www.sofaware.com/supportDownloads.aspx?boneId=183

i haven't read them in quite awhile, though.

Ray


From: alex <ayrton AT GMX DOT DE>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] VPN1 Edge - R55 Site to Site VPN
Date: Tue, 29 Mar 2005 13:54:45 +0200

First thanks for reply.
We now enabled to accept the DAIP DHCP traffic via implied rule,
but it doesn´t work.
Just to be sure, should we be able to establish the vpn to a dynamic
ip edge or am i informed incorrectly? It was THE reason why we decided
to go for the edge boxes.
In my opinion it shouldn´t be a problem especially because the edge
always establishes a connection to the smartcenter to look for updates.

Alex



 >Date:    Thu, 24 Mar 2005 19:51:52 -0500
 >From:    Ray <sixsigma44 AT HOTMAIL DOT COM>
 >Subject: Re: VPN1 Edge - R55 Site to Site VPN

 >I thought the DAIP part worked by running a dynamic DNS server on the
 >main
 >(static IP) gateway. Do you have the global property (or maybe ait's an
 >implied rule) set to accept traffic from DAIP objects?

 >Ray

 >>From: "Brisbine, Geoff" <GeoffBrisbine AT MI-ASSISTANT DOT COM>
 >>Reply-To: Mailing list for discussion of Firewall-1
 >><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
 >>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
 >>Subject: Re: [FW-1] VPN1 Edge - R55 Site to Site VPN
 >>Date: Thu, 24 Mar 2005 11:26:25 -0600
 >>
 >>It seems like that's the nature of the beast with dynamically assigned
 >>IP addresses.
 >>
 >>It doesn't appear that it wants a FQDN in the IP address field in
 >>SmartDashboard or you could use a DynDNS-type service.
 >>
 >>Would it be feasible to have a background process running on a server
 >>at
 >>the remote location that would simply ping the internal address of the
 >gateway every X seconds or X minutes to keep the tunnel up?
 >>
 >>-----Original Message-----
 >>From: Mailing list for discussion of Firewall-1
 >>[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of alex
 >>Sent: Thursday, March 24, 2005 9:01 AM
 >>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
 >>Subject: [FW-1] VPN1 Edge - R55 Site to Site VPN
 >>
 >>Hi,
 >>
 >>we want to place serveral edge boxes on remote sites.
 >>during test we found a problem: the edge is at adsl line and has
 >>dynamic
 >>ip address.
 >>we can establish a tunnel towards the central site without any problem
 >>but we are not able to establish the tunnel from the central site to
 >>the edge box.
 >>the edge box and the central gateway are placed in a star community
>>and
 >>use certificates for the tunnel, the vpn domain for the edge is
>>defined
 >>as the private network behind the box.
 >>in smartview tracker the following message is displayed, if we try to
 >>establish the tunnel (https connect to private ip of the box)
 >>
 >>"IKE: Main Mode cannot initiate negotiation with a DAIP object"
 >>
 >>edge firmware 5.0.57
 >>central site: vpn1 r55 hfa 08
 >>
 >>any tip would be appreciated.
 >>
 >>regards,
 >>Alex

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [FW-1] Advanced (yeah, right) NAT question, Chontzopoulos Dimitris
Next by Date:  Re: [FW-1] Basic NAT question, Sascha Picchiantano
Previous by Thread:  [FW-1] VPN1 Edge - R55 Site to Site VPN, alex
Next by Thread:  [FW-1] Check Point new version!, Claudio Pazzaglia
Indexes:  [Date] [Thread] [Top] [All Lists]