I agree.
But when I create the object for the Cisco routers (as interoperable devices) I
cannot add it to the community as participating gateways. And secondly I have
means of defining the shared secret (which is used in this case) on the FW
object because it is in simplified mode.
So how can I get the Cisco object into the community or the traditional
properties of the FW object changed?
Thanks for all your input,
David Callebaut
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of pkc_mls
Sent: donderdag 23 november 2006 9:39
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] trad. VPN settings in simp. mode
David CALLEBAUT [AEMS Be] a écrit :
> Dear List members,
>
> I have a customer who wants to establish a site-to-site VPN between a
> FP2 cluster and a Cisco 2621 router. I know there are some pitfalls in
> setting something like this up. Anybody has some good info or documents
> related to setting up this kind of VPN?
> Note: the customer does not want to upgrade to a newer version of FW.
>
> The current firewall object is defined as a "simplified mode" object. I
> know in R55 that you have the button "traditional mode configuration..."
> in the VPN tab of the FW object to allow IKE settings for these kind of
> VPN tunnels, but I don't have this button in the object of the FP2
> policy. Does anybody know where I have to set the traditional settings?
> Or must I revert back to creating a "traditional" object and then do the
> settings?
>
>
the ike settings can be set on the vpn community properties.
there is a way to also set the parameters on every gateway, but
it's better to have the same settings on each gateway that participate
to the same community, so each time you change a parameter,
you don't have to change it for your n gateways.
hope this'll help.
> David
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
>
___________________________________________________________________________
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur
Yahoo! Questions/Réponses
http://fr.answers.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
