If all you're doing is site-to-site, you can do it just like any other
VPN. Create an externally managed Check Point object and use either
certificate or pre-shared key. Then it's easy. If you decide you want
central management, I have a doc that describes the step-by-step
process. And it works.

I've done it both ways and it works without a problem.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Darren Martz
Sent: Saturday, July 17, 2004 2:55 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] R55 / Edge - Site to Site

What is the best way to set up a site to site tunnel between an NG AI R55
box and an Edge X appliance?

Some key points about the R55 box:
- Running on SecurePlatform
- Head office
- Static NAT configuration (10.1.1.x)
- All public addresses are static
- version R55 HFA 04

Some key points about the Edge appliance:
- Self managed (not managed by the R55 box)
- Remote office
- NAT configuration (192.168.20.x)
- DHCP external but always receives the same IP
- version 4.0.93x

So far I have tried many combinations without success.

Example1:
- created an externally managed "VPN-1 Edge" object
- the Edge VPN-domain topology set as "this gateway"
- attached to a Star community
- the policy always fails if a rule references anything to do with
VPN???

Example2:
- created an externally managed "Checkpoint Gateway" object
- tunnel connects allowing the Edge to access 10.1.1.x addresses based
on R55 policy
- any attempt to access any Edge address (192.168.20.x) fails with an
error regarding "unknown peer"

I have also tried remote access configurations but could never get a
valid policy to work.

Perhaps I have missed something completely. We had this problem with FP3
before we upgraded and we still have it with R55.

Any ideas or suggestions are welcome!!

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email [EMAIL PROTECTED]
=================================================
