Russell Aspinwall wrote:
Ray X wrote:
Hi Russ,
Are you saying you have four of the Edges as managed by SmartCenter
and this fifth one is a compatible device and uses a manually
installed certificate?
No, they all have fixed IP and all are currently configured as
compatible devices. The compatible devices are all configured
identically with respect to the IKE configuration.
The fifth Edge has it own VPN rule A -> B and B->A as not all
services are required both ways but the encryption configuration is
the same.
From the Edge setting up Site to Site encryption, the configuration
goes easily and the logs report a sucessful VPN connection. However from
NGAI HFA-14 to Edge the traffic is encrypted and the logs indicate the
connection on both. However from the Edge to NGAI HFA-14 the Edge
reports successful VPN but NGAI reports "different encryption methods!!".
Are they all in the same VPN Community?
Ray
From: Russell Aspinwall <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] Edge X and NGAI R55 HFA-14
Date: Wed, 15 Jun 2005 15:03:24 +0100
I have 4 Edge unit and am configuring a fifth as a compatible
device, I have come up against strange behaviour.
All the previous Edge units have been configured using a v4 firmware
release and then upgraded. This fifth edge unit is running the
latest version v5 firmware.
Following the same configuration settings I have with the previous
Edge units, I can create a VPN site on the Edge successfully. The
Edge report shows the successful configuration.
PC1 -> NGAI ---------------- Edge -> PC2
IKE Stage 1 AES-256/SHA1
IKE Stage 2 3DES/SHA1
NGAI can remotely administer Edge
PC1 traffic arrives at PC2
traffic from PC2 does not return to PC1
connecting from PC2 to PC1 results in NGAI stopping with
"encryption failure : different encryption methods".
Before the Edge Units, we had v4.1 SP6 firewalls and VPN connection
problems where about 10 a month, now with the Edge units its 20 a day.
--
Regards
Russell
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
Regards
Russell
Email: russell dot aspinwall at flomerics dot co dot uk
Network and Systems Administrator Flomerics Ltd
Telephone: 020-8941-8810 x3116 81 Bridge Road
Facsimile: 020-8941-8730 Hampton Court
Surrey, KT8 9HH
United Kingdom
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
