Firewall-1

Re: [FW-1] NGX RX65 and Edge VPN troubles

Subject: Re: [FW-1] NGX RX65 and Edge VPN troubles
From: Hugo van der Kooij <hvdkooij AT VANDERKOOIJ DOT ORG>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 4 Apr 2007 07:27:17 +0200

On Tue, 3 Apr 2007, Thomas Nilsen wrote:

> We are having some strange issues with the combination of NGX R65 and our Edge
> boxes.
>
> We have deployed a new fresh install of R65 with an imported config from an R55
> install. All our tunnels to other NG gateways are working as expected, but our
> Edge boxes are causing a major headache.
>
> We run our main HQ policy in traditional mode, and as such have not integrated
> most of the Edge boxes with Smartcenter since they would normally rely on a
> simple mode config and VPN communities. Although, some Edge boxes have been
> connected to Smartcenter with the workaround to get VPN to work in traditional
> mode (creating an external object with the same settings as the Edge box to use
> with the VPN config on the traditional policy).
>
> Once we got the new R65 box up and running, the VPN tunnels to the Edge boxes have been
> behaving strangely. Tunnels from HQ to the Edge boxes worked fine, but not the other way
> around. Errors showing up in the Smartcenter log are "encryption failure: different
> hash methods".

Is there any reason to run traditional mode? Because in my experience it is harder to maintain in each subsequent version.

My guess is you need to bite the bullet and go for the change. Running traditional mode with VPN-1 Edges is becoming increasingly difficult as you now seem to enjoy.

Hugo.

--
        hvdkooij AT vanderkooij DOT org http://hugo.vanderkooij.org/
            This message is using 100% recycled electrons.

        Some men see computers as they are and say "Windows"
        I use computers with Linux and say "Why Windows?"
                (Thanks JFK, for the insight.)
