Hi Ryan,
this constellation does work - we had several installations on customers sides.
You definitely need Version 4.1 of the Checkpoint and at least 5.1.x of the PIX.
You must license the PIX for VPN. Then you ll be able to build an IKE-VPN between
your PIX and your Checkpoint.
The problem with older versions of the CP-FW1 was, that subnets where not supported
for IKE-encryption. In 4.1 there is a box in IKE-configuration, that says something
like: Allow
subnets for IKE. You have to check this box.
For configuration examples you should visit http://www.cisco.com .
Regards
Sascha
--------------------------------------------------------------------------------
Sascha Weigelmann Email: [EMAIL PROTECTED]
Tel.: +49 6172-288-383
Mobil 0170-5778857
Fax: +49 6172-288-402
ADS System AG http://www.ads.de
Siemensstr. 25a
D-61352 Bad Homburg
The Network Service Company
--------------------------------------------------------------------------------
>>> "Ryan, Kennedy" <[EMAIL PROTECTED]> 02/23/01 06:05pm >>>
I'm not very familiar with the cisco PIX firewall product.. We'd like to
build a point-to-point VPN between offices; our side using checkpoint
firewall-1 with VPN module, to a remote office running cisco pix. I'm
comfortable with the checkpoint side, but on the cisco pix side, is it as
easy as enabling IPsec and modifying ACL on the cisco device?
Any kind of experience with this type of config would be greatly
appreciated.
Thanks!
Ken Ryan
Network Security Engineer
Viacom, Inc.
Network Engineering
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
