First off, thank you for responding Reinhard!! We do need bi-directional access with the branch office, but the office could connect via remote access.
What is the best way to set that up? I have used the external edge object but cannot figure out how to create a valid rule for it.

- The edge object is set to remote-access with a password and a certificate ready
- The "VPN-1 Embedded devices defined as Remote Access" object is added to a remote-access community.
- Created a rule granting access to a service if the VPN is the remote-access community.

Installing the policy always yields the error message "Rule 1: the gateway Low does not support communities in the 'VPN' column". I have no idea what "Low" is in the error message, and I don't know what I'm doing wrong.

Cheers,
Darren

-----Original Message-----
From: Reinhard Stich [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 17, 2004 4:48 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [FW-1] R55 / Edge - Site to Site

Do you need access to the branch office? You can use the edge box as a SecuRemote client.

Cheers
reinhard

))) Message sent using Nokia Access Mobilizer (((
Internet Security AG - www.internet-security.ag

--- Original Message ---
From: Darren Martz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Sat Jul 17 08:55:13 CEST 2004
Subject: [FW-1] R55 / Edge - Site to Site

What is the best way to set up a site to site tunnel between an NG AI R55 box and an Edge X appliance?

Some key points about the R55 box:
- Running on SecurePlatform
- Head office
- Static NAT configuration (10.1.1.x)
- All public addresses are static
- version R55 HFA 04

Some key points about the Edge appliance:
- Self managed (not managed by the R55 box)
- Remote office
- NAT configuration (192.168.20.x)
- DHCP external but always receives the same IP
- version 4.0.93x

So far I have tried many combinations without success.

Example1:
- created an externally managed "VPN-1 Edge" object
- the Edge VPN-domain topology set as "this gateway"
- attached to a Star community
- the policy always fails if a rule references anything to do with VPN???

Example2:
- created an externally managed "Checkpoint Gateway" object
- tunnel connects allowing the Edge to access 10.1.1.x addresses based on R55 policy
- any attempt to access any Edge address (192.168.20.x) fails with an error regarding "unknown peer"

I have also tried remote access configurations but could never get a valid policy to work. Perhaps I have missed something completely. We had this problem with FP3 before we upgraded and we still have it with R55.

Any ideas or suggestions are welcome!!

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
