Dimitris, I have gotten at least 10-15 VPNs working between Sidewinder and Checkpoint. I always set up the Sidewinder side then. I just started working with Checkpoint so I am not too experieced with Firewall-1. The only time I ever had a problem was when the Security Association (encryption domain) did not match on both sides. This means the crypto and networks. I also encountered one issue where the Checkpoint guy was doing clustering and although I would connect to his cluster address for the VPN he would respond from his real IP address. This, of course, did not work. What do the Sidewinder logs give as an error? My experience so far has been that the Sidewinder has more useful error messages than Checkpoint for VPN. If the Sidewinder admin calls Secure Computing for support they will help him set up this VPN as well. You might want to try setting your encrypt rule to any traffic rather than ICMP too just for testing purposes. The error your Checkpoint device is giving i! s generally indicative of a mismatched SA. Both of these products are certified by ICSA Labs so you could go to www.icsalabs.com and see if there is anything useful in their lab configuration notes. They used to list which VPN devices each certified product was tested against and how to configure them.
Regards, Jeffery Gieser ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
