Steve, 4 month ago, I was building a site2site-VPN between CP NG AI R55 HFA_08 and X-edge: same problem. I contacted my reseller and he told me that NAT-T (NAT traversal) is supported bye X-edge and CP but CP have not to be behind a NAT device ( only the X-edge ) It seems that x-edge support NAT-T, but Checkpoint doesn't support "full" NAT-T. :(
In summary: X-edge-----NATdevice-----Internet----NATdevice----Checkpoint ---> VPN NOK!!!! X-edge-----NATdevice-----Internet----Checkpoint ---> VPN OK!!! I don't know if the HFA_12 CP resolves this problem. Bye Corrado -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Stephen W. Stewart Sent: mercoled�, 16. febbraio 2005 21:32 To: [email protected] Subject: Re: [FW-1] VPN-1 Edge X Setup Another piece of the puzzle to think about. When trying to connect to a Service Center my FW-1 log shows the following message: message_info: Implied rule encryption failure: Different community ID, possible NAT problem (VPN Error code 02) Steve -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray Sent: Wednesday, February 16, 2005 10:12 AM To: [email protected] Subject: Re: [FW-1] VPN-1 Edge X Setup Check out 5.0.50. It fixed a bunch of VPN problems in 5.0.43 including a memory leak that made me have to reboot mine every few days. Ray >From: Russell Aspinwall <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[email protected]> >To: [email protected] >Subject: Re: [FW-1] VPN-1 Edge X Setup >Date: Wed, 16 Feb 2005 14:15:15 +0000 > >Hi, > >I have used a variety of firmware versions on the Edge and found >v5.0.43x a vast improvement since v4.0.93x and many in between. Site to >Site VPNs offer a significantly better level of performance and >reliability, primarily NGAI R55 to Edge, Edge to Edge VPNs have not >been a problem. > >Stephen W. Stewart wrote: >>Hi All, >> >>Trying to set up an Edge X box for a remote office in Site to Site mode. >>I currently have 2 other sites that are working just fine. The only >>difference with the new X is that it will have a static IP and the two >>that are working are using DHCP. >> >>I can create the site and then look in the reports section at the VPN >>Tunnels section and nothing shows up. If I ping the internal IP of >>the X box a tunnel is established and the X box replies. I cannot >>ping the other way into the "home" network behind the FW-1. >> >>The established tunnel shows IKE (Phase 1): 3DES/SHA1. >> >>Any ideas? >> >>Thanks >> >> >>Stephen W. Stewart >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, send an email to >>[EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your subscription options, >>email [EMAIL PROTECTED] >>================================================= >> > > >-- >Regards > >Russell > >================================================= >To set vacation, Out-Of-Office, or away messages, send an email to >[EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your subscription options, >email [EMAIL PROTECTED] >================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ****************************************************** Visit: http://www.rtsi.ch This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
