I don't think that's going to work. When an Edge is managed by SmartCenter,
certificate authentication has to be used. But the PIX requires a shared
secret. In a community, all members must share the same authentication
scheme, don't they?
Ray
From: Herold Heiko <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] VPN EdgeX to pix, managed by smartcenter ?
Date: Fri, 10 Jun 2005 12:41:28 +0200
I have a Sofaware Edge X, firmware 4.5.64x.
Management center R55 HFA13.
I'm trying to configure a vpn edge to pix, no nat involved, using shared
secret, 3des, sha.
While connected to the management center if I try to configure a vpn profile
from dashboard, install, "update" on edge, in debug crypto isakmp I see the
pix won't accept any proposal.
I checked the usual things (network mismatch, parameter mismatch,
renegotiation periods), everything seems ok.
The configuration was done in simplified mode, star community using shared
secrets.
However if on the edge I add manually another vpn site with same parameters
from the edge web interface, the vpn comes up nicely and works. Obviously in
that way rules can't be configured centrally, it seems either I use "vpn
does bypass firewall" and let flow everything or I don't and get nothing. At
least I know the pix stuff should be ok.
Are there any specific known gotchas around? Or some documentation or
sample configurations more specific than the usual "checkpoint to pix
configuration sample"? I didn't find anything useful yet :(
Thanks
Heiko
--
-- PREVINET S.p.A. www.previnet.it
-- Heiko Herold [EMAIL PROTECTED] [EMAIL PROTECTED]
-- +39-041-5907073 ph
-- +39-041-5907472 fax
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================