NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] VPN-1 <-> non-VPN-1 IPsec rekeying


  • To: <[email protected]>
  • Subject: [FW1] VPN-1 <-> non-VPN-1 IPsec rekeying
  • From: "Adams, Gavin" <[email protected]>
  • Date: Wed, 10 Jan 2001 12:50:30 -0400
  • Sender: [email protected]
  • Thread-index: AcB7JXCZlov6PfarSzCXG6UOnmi4fw==
  • Thread-topic: VPN-1 <-> non-VPN-1 IPsec rekeying

Greetings list,

Administratively, how do you deal with firewall policy changes with VPN
connections to non-Checkpoint systems, ala Cisco, SonicWall, FreeSwan,
etc.? Under 4.1 SP2, if a new policy is pushed to an enforcement point,
SA's between VPN-1 firewalls automatically get reestablished while other
IPsec clients/gateways need to clear or restart IPsec services. This is
fine for one or two VPN connections but becomes burdensome when dealing
with 7-8 sites or multiple policy changes per day.

Has anyone checked to see if SP3 allows non-Checkpoint IPsec devices to
gracefully reestablish SA's, or other helpful hints on dealing with
these types of changes? I'm also interested if Checkpoint users have
migrated to IPsec-specific devices, and only use VPN-1 for SecuRemote
users.

Cheers,

--- Gavin


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.