I believe Edge boxes managed by a SmartCenter server must use a certificate
or they can't be managed.
Ray
From: Charalambos Klitiropoulos <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] VPN EdgeX to pix, managed by smartcenter ?
Date: Fri, 10 Jun 2005 20:56:00 +0300
Yes, all members must share the same authentication method, but that
doesn't mean it can not be shared secret key.
On 6/10/05, Ray <[EMAIL PROTECTED]> wrote:
>
> I don't think that's going to work. When an Edge is managed by
> SmartCenter, certificate authentication has to be used. But the PIX
> requires a shared secret. In a community, all members must share the
> same authentication scheme, don't they?
>
> Ray
>
> >From: Herold Heiko <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[email protected]>
> >To: [email protected]
> >Subject: [FW-1] VPN EdgeX to pix, managed by smartcenter ?
> >Date: Fri, 10 Jun 2005 12:41:28 +0200
> >
> >I have a Sofaware Edge X, firmware 4.5.64x.
> >Management center R55 HFA13.
> >
> >I'm trying to configure a vpn edge to pix, no nat involved, using
> >shared secret, 3des, sha.
> >
> >While connected to the management center if I try to configure a vpn
> >profile from dashboard, install, "update" on edge, in debug crypto
> >isakmp I see the pix won't accept any proposal.
> >I checked the usual things (network mismatch, parameter mismatch,
> >renegotiation periods), everything seems ok.
> >The configuration was done in simplified mode, star community using
> >shared secrets.
> >
> >However if on the edge I add manually another vpn site with same
> >parameters from the edge web interface, the vpn comes up nicely and
> >works. Obviously in that way rules can't be configured centrally, it
> >seems either I use "vpn does bypass firewall" and let flow everything
> >or I don't and get nothing. At least I know the pix stuff should be ok.
> >
> >Are there any specific known gotchas around ? Or some documentation or
> >sample configurations more specific than the usual "checkpoint to pix
> >configuration sample" ? I didn't find anything useful yet :(
> >Thanks
> >Heiko
> >
> >--
> >-- PREVINET S.p.A. www.previnet.it <http://www.previnet.it>
> >-- Heiko Herold [EMAIL PROTECTED] [EMAIL PROTECTED]
> >-- +39-041-5907073 ph
> >-- +39-041-5907472 fax
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>