Re: [FW1] IPSEC
It is probably the Checkpoint. There were two iterations of the IPSEC standard, and the 1.0, as it is called, required SAs based upon host IP address. That is, from each host to another host, there was a separate SA. As soon as this was agreed upon as a standard, a lot of vendors began to summarize this information into subnet-based SAs. This means that any two devices on the x.x.x.1-255 class C net would use the same tunnel for connections to y.y.y.1-255 on the partner VPN net.

FW-1 v4.0 was based upon the previous standard, that of subnet based, and although systems are supposed to be backward compatible, they are not. Therefore, you might look into your firewall logs (if you have log isakmp negotiations checked) and you should see a message such as 'peer is using subnet based SA's not supported in this version.'

The solution: upgrade to Firewall-1 4.1.

[email protected] wrote:

> Has anyone had experience with the new Netopia R9100 and Checkpoint (NOKIA)
> FW1 doing ipsec? I am running FW1 4.0 SP5. I can't seem to get the tunnels
> up and running properly. Netopia says it's the Checkpoint. Checkpoint says
> it's the Netopia. Any help would be great.
>
> Thanks,
> Jeff Zabel
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
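Added example, not part of the original thread and not vendor code: a small Python model of the host-based versus subnet-based SA granularity described in the reply above. The addresses are constructed documentation ranges, the /24 prefix and the function names are hypothetical, and the responder is assumed to accept only a proposal that exactly matches what its own policy would derive.

```python
import ipaddress
from itertools import product

# Constructed sample flows: three hosts on one site talking to two on the partner site.
SITE_A = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
SITE_B = ["198.51.100.20", "198.51.100.21"]
FLOWS = list(product(SITE_A, SITE_B))


def selector(src, dst, mode, prefix=24):
    """Identity pair a gateway would put in its Phase 2 proposal for one flow."""
    if mode == "host":      # one SA per host pair
        bits = 32
    elif mode == "subnet":  # one SA per subnet pair
        bits = prefix
    else:
        raise ValueError(f"unknown mode: {mode}")
    return (ipaddress.ip_network(f"{src}/{bits}", strict=False),
            ipaddress.ip_network(f"{dst}/{bits}", strict=False))


def sa_table(flows, mode):
    """Distinct selectors needed to carry the flows, i.e. how many SAs get built."""
    return {selector(s, d, mode) for s, d in flows}


def negotiate(initiator_mode, responder_mode, src, dst):
    """Assumed strict responder: proposal must equal its own derived selector."""
    proposed = selector(src, dst, initiator_mode)
    expected = selector(src, dst, responder_mode)
    return proposed == expected, proposed, expected


if __name__ == "__main__":
    for mode in ("host", "subnet"):
        print(f"{mode}-based: {len(sa_table(FLOWS, mode))} SA(s) for {len(FLOWS)} flows")
    for init, resp in (("subnet", "subnet"), ("subnet", "host")):
        ok, proposed, expected = negotiate(init, resp, *FLOWS[0])
        state = "established" if ok else "rejected"
        print(f"{init} -> {resp}: {state}")
        print(f"  proposed {proposed[0]} <-> {proposed[1]}")
        print(f"  expected {expected[0]} <-> {expected[1]}")
```

When the two ends disagree on granularity, the proposed and expected identities printed for the rejected case are the values to compare against the ISAKMP negotiation entries in each gateway's log.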