Firewall-1

Re: [FW-1] Urgent please help. VPN issue

Subject: Re: [FW-1] Urgent please help. VPN issue
From: "Brockhoven, Werner" <Werner.Brockhoven AT HP DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 20 Jan 2006 09:15:42 +0100

Cisco4ng,

I'm not sure about the statement that changes in traditional mode will
have no impact.  Personally I've had to play with the "exportable for
securemote/secureclient" setting and it DOES have an impact.  I also
know that the pre-shared secret settings in traditional mode are NOT
used.

Did you try changing the phase2_rekeying_kbytes etc as suggested by
Crist J. ?

Regards,

Werner

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of cisco4ng
Sent: Wednesday, January 18, 2006 23:44
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Urgent please help. VPN issue

Hi everyone,
   
  I guess I should have elaborated a little more in the previous thread.
  I know how to do that in traditional mode.  However, according to both
  Nokia and Checkpoint documentation, whatever changes are being made
  in traditional have NO effect in Simplified mode, especially simplified
  VPN configuration (vpn community).  Furthermore, according to Nokia,
  changes made in the traditional mode tab are NOT supported if the vpn
  is configured in simplified mode.
   
  I guess bottom line is that it is not supported in simplified mode.
  Thanks again everyone.
   
  cisco4ng

Christopher Hoff <choff AT TRUENORTHSOLUTIONS DOT NET> wrote:
  You can change the settings on a per node gateway by editing the
  traditional mode settings and going to the advanced settings.

Thank you,

____________________________________________
Christopher Hoff
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Crist Clark
Sent: Wednesday, January 18, 2006 4:45 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Urgent please help. VPN issue

cisco4ng wrote:
> Hi gurus,
> 
> Please help me with this problem.
> 
> I am setting a site-to-site vpn between a Checkpoint NG firewall and
> a Cisco IOS device.
> 
> The dude on the Cisco side keeps insisting that the IPSec phase II
> key re-negotiation be data-limit instead of timeout limit. I know
> how to do that on Cisco device.
> For example:
> 
> set security-association lifetime kilobytes 57193933
> 
> How can I achieve this in Checkpoint? In Checkpoint Simplified
> mode, I can only specify the timeout setting for IPSec phase II.

FWIW, specifying the lifetime in time or byte count or both at once all
MUST be supported according to the standard.

Going straight to the Checkpoint database, I see the following,

:isakmp.phase2_rekeying_kbytes (50000)
:isakmp.phase2_rekeying_time (3600)
:isakmp.phase2_use_rekeying_kbytes (false)

As attributes of IPsec endpoints. Names seem self explanatory. Can't say
if they actually work. Dunno how to access them through the "Dashboard"
or whatever they're calling it for now. You may need to edit the
database with DBedit or the ol' 'vi objects_5_0.C'.
--
Crist J. Clark crist.clark AT globalstar DOT com Globalstar Communications
(408) 933-4387

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
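
Added example, not part of the original thread and not Check Point code: a read-only check that pulls the three isakmp.phase2_* attributes quoted above out of database-style text and reports which objects would not rekey on the peer's kilobyte limit. The object names and the surrounding object layout in the sample are assumptions constructed for illustration; only the three attribute lines follow the thread.

```python
import re

# Constructed sample in the ":name (value)" style quoted in the thread; the
# object names and surrounding layout are assumptions, not a real database.
SAMPLE_DB = """\
: (gw-hq
    :isakmp.phase2_rekeying_kbytes (50000)
    :isakmp.phase2_rekeying_time (3600)
    :isakmp.phase2_use_rekeying_kbytes (false)
)
: (gw-branch
    :isakmp.phase2_rekeying_kbytes (57193933)
    :isakmp.phase2_rekeying_time (3600)
    :isakmp.phase2_use_rekeying_kbytes (true)
)
"""

OBJ_RE = re.compile(r"^: \((\S+)\s*$")
ATTR_RE = re.compile(r"^\s*:isakmp\.(phase2_\w+) \(([^)]*)\)\s*$")

def parse_phase2(text):
    """Return {object_name: {attribute: value}} for the phase2 attributes."""
    objects, current = {}, None
    for line in text.splitlines():
        m = OBJ_RE.match(line)
        if m:
            current = objects.setdefault(m.group(1), {})
            continue
        m = ATTR_RE.match(line)
        if m and current is not None:
            name, raw = m.groups()
            # Booleans are stored as true/false, everything else as integers.
            current[name] = raw == "true" if raw in ("true", "false") else int(raw)
    return objects

def check_against_peer(objects, peer_kbytes):
    """List objects that would not rekey on the peer's kilobyte limit."""
    findings = []
    for name, a in sorted(objects.items()):
        if not a.get("phase2_use_rekeying_kbytes", False):
            findings.append((name, "kbyte rekeying disabled; only the %ds timer applies"
                             % a.get("phase2_rekeying_time", 0)))
        elif a.get("phase2_rekeying_kbytes") != peer_kbytes:
            findings.append((name, "kbyte limit %s differs from peer %d"
                             % (a.get("phase2_rekeying_kbytes"), peer_kbytes)))
    return findings

if __name__ == "__main__":
    # 57193933 is the kilobyte lifetime from the Cisco line quoted in the thread.
    for name, msg in check_against_peer(parse_phase2(SAMPLE_DB), 57193933):
        print(name + ": " + msg)
```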
