
RE: [FW1] IKE VPN between two FW1 Machines



You need to de-select the following checkbox on your 4.1 SP2 policy.

 Workstation object -> VPN tab -> IKE (Edit button) -> Support keys exchange for subnets.

Hope that helps,
Daniel Gaughan

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Friday, December 15, 2000 5:14 PM
To: [email protected]
Subject: [FW1] IKE VPN between two FW1 Machines



I will keep this short and sweet in the hopes that it gets read and possibly
even a response.  I am trying to do a VPN between a FW1 4.0 Sp6 machine and
a FW1 4.1 Sp2 machine.  Here is what I have defined:

Subnet A: 172.18.8.0 255.255.252.0
Subnet B: 172.18.4.0 255.255.252.0

Both firewalls have the licensing installed on the external interface.  The
encryption domains for both firewalls are the local subnets (A for 1, B for
2) plus the external hosts I am doing NAT on, i.e. the webserver, the SMTP
server.  Here are my 2 rules and the error messages I get.

1.  Subnet A	SubnetB	Any	Encrypt
2.  SubnetB	SubnetA	Any	Encrypt

Nat Rules:

1.  SubnetA	SubnetB	Any	Original	Original	Original

Nat Rules (for other machine):

2.  SubnetB	SubnetA	Any	Original	Original	Original

The log error messages I get are as follows....

ISAKMP Log: Sent Notification: invalid id information <phase2 stage1>: peer
may have sent an ID of type subnets, which is not supported in this version

Negotiation Id: 2d30cfb5

Cheers,

Jamie








================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
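
For reading the log message in the thread above, an added example (not part of the original messages and not Check Point code) that decodes an IKE phase 2 Identification payload and reports whether it is of the subnet type the log complains about. The ID type numbers are from RFC 2407; the payload bytes are constructed from Subnet A in the post, and the host 172.18.8.10 and the helper names are made up for illustration.

```python
import ipaddress
import struct

# ID type numbers from the IPsec DOI (RFC 2407, section 4.6.2.1).
ID_TYPES = {1: "ID_IPV4_ADDR", 4: "ID_IPV4_ADDR_SUBNET", 7: "ID_IPV4_ADDR_RANGE"}


def parse_id_payload(payload: bytes) -> dict:
    """Decode one ISAKMP Identification payload, generic header included."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its fixed 8-byte header")
    # next payload, reserved, length, ID type, protocol ID, port
    _next, _rsvd, length, id_type, _proto, _port = struct.unpack("!BBHBBH", payload[:8])
    if length != len(payload):
        raise ValueError("length field does not match payload size")
    data = payload[8:]
    if id_type == 1 and len(data) == 4:
        value = str(ipaddress.IPv4Address(data))
    elif id_type == 4 and len(data) == 8:
        # Subnet IDs carry a 4-byte address followed by a 4-byte netmask.
        addr, mask = ipaddress.IPv4Address(data[:4]), ipaddress.IPv4Address(data[4:])
        value = str(ipaddress.IPv4Network(f"{addr}/{mask}"))
    elif id_type == 7 and len(data) == 8:
        value = f"{ipaddress.IPv4Address(data[:4])}-{ipaddress.IPv4Address(data[4:])}"
    else:
        raise ValueError(f"unsupported or malformed ID type {id_type}")
    return {"type": ID_TYPES[id_type], "value": value, "is_subnet": id_type == 4}


def build_id(id_type: int, data: bytes) -> bytes:
    """Build a constructed sample payload (protocol ID and port left at 0)."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(data), id_type, 0, 0) + data


# Constructed samples: Subnet A from the post, and a made-up host inside it.
SUBNET_A = build_id(4, ipaddress.IPv4Address("172.18.8.0").packed
                    + ipaddress.IPv4Address("255.255.252.0").packed)
HOST_IN_A = build_id(1, ipaddress.IPv4Address("172.18.8.10").packed)

if __name__ == "__main__":
    for sample in (SUBNET_A, HOST_IN_A):
        print(parse_id_payload(sample))
```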


   All contents © 2004 Network Presence, LLC. All rights reserved.