Hi gurus,
Please help me with this problem.
I am setting a site-to-site vpn between a Checkpoint NG firewall and a Cisco
IOS
device.
The dude on the Cisco side keeps insisting that the IPSec phase II key
re-negotiation
be data-limit instead of of timeout limit. I know how to do that on Cisco
device.
For example:
set security-association lifetime kilobytes 57193933
How can I achieve this in Checkpoint? In Checkpoint Simplified mode, I can
only
specify the timeout setting for IPSec phase II.
I didn't want to do this but I guess customer is always right so I have to
please this
dude.
Please help.
cisco4ng
---------------------------------
Yahoo! Photos
Got holiday prints? See all the ways to get quality prints in your hands ASAP.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
