Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1]

To: [email protected]
Subject: Re: [FW-1]
From: "Larson, Jeffrey" <[email protected]>
Date: Thu, 7 Aug 2003 16:23:46 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

You can only create a traditional mode site-to-site VPN from a NG to 4.1
firewall.

Thank You,
Jeffrey Larson

Senior LAN Technician
Michigan Millers Mutual Ins.CCNA  Network+
<mailto:[email protected]>

############################################################################
###############################
This e-mail and any files transmitted with it may contain confidential
and/or proprietary information. It is intended solely for the use of the
individual or entity who is the intended recipient. Unauthorized use of this
information is prohibited. If you have received this in error, please
contact the sender by replying to this message  and delete this material
from any system it may be on.
############################################################################
#################################



-----Original Message-----
From: rif raf [mailto:[email protected]]
Sent: Thursday, August 07, 2003 3:48 PM
To: [email protected]
Subject: [FW-1]


We are in the process of setting up a site-to-site vpn between our NG FP2
and an externally managed V4.1.

Firstly, I need to check with the other folks on what is the difference
creating a policy in simplified and traditional modes.

Using traditional mode, stuff like "support aggressive mode" can be set
under the IKE/Advanced option.
However, this is not possible under simplified mode when the firewall/vpn
object is attached to the vpn community.

Using simplified mode, the initial error encountered was "aggressive mode
not supported". I have to set ike_p1_use_aggressive to true in objects_5_0.C
file and this error was not seen further. But the next error encountered was
"proposal not chosen". We finally decided to go back to traditional mode but
is there a utility to move all the rules from simplified mode to traditional
mode?

If simplified mode is the way to go in the future, what about site-to-site
with non-checkpoint vpn products?

TIA.
Rif

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] AW: [FW-1] AI and SmartDefense
Next by Date: [FW-1] NG FP3 back rules and restore
Previous by thread: Re: [FW-1]
Next by thread: [FW-1]
Index(es):
- Date
- Thread