I have created different VPN communities for different types and type of access. So a change in one community does not affect everyone. Create a separate VPN community just for the Pix(s), you still be able to manage both VPN communities from SmartCenter, Dashboard, VPN manager.
Charalambos Klitiropoulos <[EMAIL PROTECTED]> wrote: Yes, all members must share the same authenctication method, but that doesn't mean it can not be shared secret key. On 6/10/05, Ray wrote: > > I don't think that's going to work. When an Edge is managed by > SmartCenter, > certificate authentication has to be used. But the PIX requires a shared > secret. In a community, all members must chare the same authentication > scheme, don't they? > > Ray > > >From: Herold Heiko > >Reply-To: Mailing list for discussion of Firewall-1 > > > >To: [email protected] > >Subject: [FW-1] VPN EdgeX to pix, managed by smartcenter ? > >Date: Fri, 10 Jun 2005 12:41:28 +0200 > > > >I have a Sofaware Edge X, firmware 4.5.64x. > >Management center R55 HFA13. > > > >I'm trying to configure a vpn edge to pix, no nat involved, using shared > >secret, 3des, sha. > > > >While connected to the management center if I try to configure a vpn > >profile > >from dashboard, install, "update" on edge, in debug crypto isakmp I see > the > >pix won't accept any proposal. > >I checked the usual things (network mismatch, parameter mismatch, > >renegotiation periods), everything seems ok. > >The configuration was done in simplified mode, star community using > shared > >secrets. > > > >However if on the edge I add manually another vpn site with same > parameters > >from the edge web interface, the vpn comes up nicely and works. Obviously > >in > >that way rules can't be configured centrally, it seems either I use "vpn > >does bypass firewall" and let flow everything or I don't and get nothing. > >At > >least I know the pix stuff should be ok. > > > >Are there any specific known gotchas around ? Or some documentation or > >sample configurations more specific than the usual "checkpoint to pix > >configuration sample" ? I didn't find anything useful yet :( > >Thanks > >Heiko > > > >-- > >-- PREVINET S.p.A. www.previnet.it > >-- Heiko Herold [EMAIL PROTECTED] [EMAIL PROTECTED] > >-- +39-041-5907073 ph > >-- +39-041-5907472 fax > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Discover Yahoo! Have fun online with music videos, cool games, IM & more. Check it out! ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
