[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG AI - comments?
If you are referring to voyager https, I noticed that as well. I had an issue where my key exchange from NGAI ( vrrp cluster ) side to remote side was using wrong subnet mask for extenal cluster IP. Netmask is a /21 and it was using /31. I had to set user_largest_subnets to false, and this resolved my issue with the VPN working one way, although the first time I tried it it didnt. Weird thing is that I had a /21 network static'ly routed and that /21 doesnt work anymore. I had to route two /22s While I find it hard to believe that changing the use largest subnet in FW-1 would affect a static route in IPSO, it would not be the first time a checkpoint change had effects on IPSO operating system. -Rob At 04:57 PM 7/8/2003 -0400, Scott Friedman wrote: I just upgraded one of my clients that run Dual Nokia IP 350's with a Secureplatform Management server.
AIM: rg1454bb ICQ: 451690 http://cbs.sportsline.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|