To be honest I thought you were talking about your gateway, not the
externally managed one, as I have seen that message before. I have
configured VPNs with externally managed gateways before and never had that
issue but I guess you can try 2 things:
1) Fill the topology table of the externally managed gateway manually (at
least the external IP could help). That way your firewall knows what is on
the other end.
2) Go to Link Selection and select the "Use a probing method" option, you
can then hit the "configure" button and add the IP address you want your
firewall to use to establish the VPN and in that way make it forget about
looking for the topology info.
I would say option number 2 sounds more likely the one to go, but again,
this is all something I'm suggesting after trying to guess what causes the
error.
I hope it helps.
Regards
On 10/24/06, Sam Nimjareansuk <Sam AT bbcpa DOT com> wrote:
The message appeared when I tried to create the Externally Managed Check
Point Gateway not the local gateway. This external gateway does not have
any interfaces in the topology section. What option should I select for
the Externally Managed Check Point Gateway in the Link Selection?
Thanks
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Sergio
Alvarez
Sent: Monday, October 23, 2006 4:58 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Site to Site VPN R55 and R60 HFA03
The issue you have is not related with the fact that you have R55 and
R60 on
both ends, nor that you are using shared-secret.
First make sure the main IP address you have on the gateway object
(properties > general tab) is in fact one of the IPs configured on the
machine NICs and if it is and it is not the external one, or at least
the
one you are using to establish the VPN with the other gateway, go to the
the
Link seleccion options of the gateway object (properties >Link
Selection)
and change the "main IP" method for something different.
For more info about Link Selection, check out the VPN pdf document for
NGX.
Regards
On 10/23/06, Sam Nimjareansuk <Sam AT bbcpa DOT com> wrote:
>
> We currently have a Site to Site VPN between three different locations
> running Check Point R55.
>
>
>
> I'm conducting a test for R60 by creating an Externally Managed Check
> Point Gateway for a Site to Site VPN (Mesh VPN Community), the
following
> message appeared:
>
>
>
> You have chosen the "main IP" method of IP selection for VPN Link
> Selection. However, this gateway's main IP is not a member of Topology
> table. Under this configuration Link select will not be functional.
>
>
>
> Is anyone able to setup a site to site VPN successful between R55 and
> R60 using manual SHARED SECRET?
>
>
>
> Sam Nimjareansuk
>
>
>
>
>
>
> This message contains confidential information and is intended only
for
> fw-1-mailinglist AT us.checkpoint DOT com. If you are not the named addressee
you
> should not disseminate, distribute or copy this e-mail. Please notify
the
> sender immediately if you have received this e-mail by mistake and
please
> delete this e-mail from your system. Finally, the recipient should
check
> this email and any attachments for the presence of viruses. Bond Beebe
> Advisors & Accountants accepts no liability for any damage caused by
any
> virus transmitted by this email. 23/10/2006
> Bond Beebe Advisors & Accountants, 4600 East-West Highway, Suite# 900,
> Bethesda, MD, 20814-3423, US, www.bbcpa.com
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
--
Sergio Alvarez
(506)8301342
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
This message contains confidential information and is intended only for
Mailing list for discussion of Firewall-1. If you are not the named
addressee you should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately if you have received this e-mail by mistake
and please delete this e-mail from your system. Finally, the recipient
should check this email and any attachments for the presence of viruses.
Bond Beebe Advisors & Accountants accepts no liability for any damage caused
by any virus transmitted by this email. 24/10/2006
Bond Beebe Advisors & Accountants, 4600 East-West Highway, Suite# 900,
Bethesda, MD, 20814-3423, US, www.bbcpa.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
--
Sergio Alvarez
(506)8301342
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
