Firewall-1

Re: [FW-1] NGX RX65 and Edge VPN troubles

Subject: Re: [FW-1] NGX RX65 and Edge VPN troubles
From: Thomas Nilsen <Thomas.Nilsen AT ROXAR DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 5 Apr 2007 00:34:15 +0200
As expected, a simplified policy and full integration of the Edge
appliances with SmartCenter and VPN communities did not solve this
issue. The same error still occurs after a few minutes. Even tried to
upgrade the Edge firmware to 7.0.33, but to no help.

I suspect this might be a bug in R65 where Edge profiles are
concerned...

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of David
DeSimone
Sent: Wednesday, April 04, 2007 11:02 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] NGX RX65 and Edge VPN troubles

Thomas Nilsen <Thomas.Nilsen AT ROXAR DOT COM> wrote:
>
> That would be fine if the VPN tunnels didn't work at all.  But here we
> see most of the traffic passing thru, where only some gets dropped -
> within the same subnet.

If I remember right, in Traditional mode the hash methods are specified
on each encrypt rule.  The behavior you see might result from having
most of your encrypt rules specifying the right method, but one rule is
specifying another method.

As others have said, VPN Communities avoid this problem entirely.

--
David DeSimone == Network Admin == fox AT verio DOT net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous."  -- Robert Benchley

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
