[FW-1] How to implement multiple VPNs with different encryption domain on the same NG fw module?

[Claudia Ferrari <ferrari@FW1-NOSPAMSECURMATICS.IT>]

Hi all,
I'm trying to implement on a fw-1 module (smart console NG with AI, fw module NG FP2) two VPNs with different encryption domains: a site-to-site VPN  (enc. dom. 192.168.240.0/24) and a client-to-site VPN (enc. dom 192.168.0.0/16).
My first attempt was to put in the encryption domain the /16, but I couldn't make the same change to the other peer (which is external). The two peers couldn't negotiate a security association any more, even if I put the /24 in the encryption rule .
So, I left the /16 in the encryption domain  and I tried to use SecureClient with office mode. No way to reach subnets outside the domain.
I'm using traditional mode VPN but I did some tests using Simplified mode. It seems that there is no possibility  to define the encryption domain on each community.
Any suggestions?
Thanks a lot for your help!

Claudia

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================