If you are using traditional mode just got in to the CP object, VPN,
Traditional mode configuration, Advanced and check renegotiate IPSEC
security association every XXXX Kbytes
I don't know if this is possible in simplified mode as I haven't used it
yet but I don't see why not.
Kiril
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Robert
Plaenk
Sent: January 19, 2006 3:59 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Urgent please help. VPN issue
I don't think CP does data limit
Robert Plaenk, CISSP, CISA
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
cisco4ng
Sent: Wednesday, January 18, 2006 4:24 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Urgent please help. VPN issue
Hi gurus,
Please help me with this problem.
I am setting a site-to-site vpn between a Checkpoint NG firewall and a
Cisco IOS
device.
The dude on the Cisco side keeps insisting that the IPSec phase II key
re-negotiation
be data-limit instead of of timeout limit. I know how to do that on
Cisco device.
For example:
set security-association lifetime kilobytes 57193933
How can I achieve this in Checkpoint? In Checkpoint Simplified mode,
I can only
specify the timeout setting for IPSec phase II.
I didn't want to do this but I guess customer is always right so I
have to please this
dude.
Please help.
cisco4ng
---------------------------------
Yahoo! Photos
Got holiday prints? See all the ways to get quality prints in your
hands ASAP.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
************************************************************************
**************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
