I have a site-to-site VPN between a Checkpoint SPLAT R55W and a Cisco PIX firewall using pre-share/AES-256/SHA. Everything is working fine. Here comes the problem:
The PIX firewall is migrated to a different ISP and the external interface on the PIX firewall will be DHCP and the IP gets changed every couple days. On the Checkpoint side, the VPN peering endpoint stays the same (i.e. static IP). I would like to maintain the site-to-site VPN even though we have DHCP on the PIX side. I would like to propose the following and please let me know if this would work:

1) create an interoperable device object and assign an IP address of 0.0.0.0 to this object,
2) create a remote encryption domain for the PIX network and assign this remote encryption domain to the PIX object,
3) create a VPN community to include both the Checkpoint & PIX objects and disable NAT inside the VPN community,
4) create IPSec and VPN rules,
5) push the policy

Will this work?
