Any other objects defined within the dashboard as a CP gateway. Do you have the single cluster object with 2 cluster members and the enc domain manually defined for the cluster object? Is your topology defined correctly for the cluster object? Did you add the gateways to the cluster or create them from within the cluster?
vpn overlap_encdom This command will show you any vpn domains that may be overlapping. If this command does not show any overlap look at the interface definition for all gateways and make sure there is no overlap with the interfaces on any additional gateways you may have. When your VPN client is trying to download the topology it is seeing 2 gateways that have a partial overlap with enc domains. With this scenario the client does not know which gateway to go to when trying to reach something within this overlap so the site does not get defined. -GS -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Brandon Liew Sent: Sunday, November 05, 2006 11:04 AM To: [email protected] Subject: Re: [FW-1] Secure Remote error Gary, What do you mean i have other FW defines? i will try to run the vpn overlap_encdom? What does this command do? Thanks On 11/5/06, Gary Scott <[EMAIL PROTECTED]> wrote: > > Do you have any other FW's defined? Have you run this command vpn > overlap_encdom? You could also have FW objects that have an overlap with > their interfaces that would give you the same error and the vpn > overlap_encdom will not show you this. > > -GS > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Brandon > Liew > Sent: Sunday, November 05, 2006 8:09 AM > To: [email protected] > Subject: Re: [FW-1] Secure Remote error > > Hugo, > > Yeah, this is how i setup my cluster firewall but i have no idea why the > problem still exist. > Any advise for me to resolve the problem? > > > On 11/5/06, Hugo van der Kooij <[EMAIL PROTECTED]> wrote: > > > > On Sun, 5 Nov 2006, Brandon Liew wrote: > > > > > Both firewall had been defined as a cluster and i already map both > of > > them > > > into a encryption domain manually. > > > i had manually check it each firewall that the enc domain is the > same > > > > This sounds as if you have 2 cluster objects. Which would be utterly > > wrong. You should create a normal gateway object for each IP-390 and > then > > define a new cluster in 3rd party mode and make both IP-390 members of > > that cluster object. > > > > Say the first IP-390 is called bastion-A (192.168.1.1) and the second > one > > is called bastion-b (192.168.1.2). Then you create a cluster named > bastion > > (192.168.1.3) and add bastion-a and bastion-b to it as members. > > > > Hugo. > > > > -- > > [EMAIL PROTECTED] http://hvdkooij.xs4all.nl/ > > This message is using 100% recycled electrons. > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > > > -- > Warmest Regards > > Brandon Liew > > > CONFIDENTIAL POLICY: > > "THIS E-MAIL AND ANY FILES TRANSMITTED WITH IT CONTAINS INFORMATION > WHICH > MAY BE CONFIDENTIAL IT IS INTENDED SOLELY FOR THE USE OF THE INDIVIDUAL > OR > THE ENTITY TO WHOM THEY ARE ADDRESSED. IF YOU ARE NOT THE INTENDED > RECIPIENT, PLEASE BE ADVISED THAT YOU HAVE RECEIVED THIS E-MAIL IN ERROR > AND > THAT ANY USE, DISSEMINATION, FORWARDING OR PRINTING OF THIS E-MAIL IS > STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS E-MAIL IN ERROR, PLEASE > NOTIFY US BY RETURN E-MAIL AT THE ADDRESS ABOVE AND DELETE THE E-MAIL > FROM > YOUR FILES. THANK YOU FOR YOUR CO-OPERATION." > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Warmest Regards Brandon Liew CONFIDENTIAL POLICY: "THIS E-MAIL AND ANY FILES TRANSMITTED WITH IT CONTAINS INFORMATION WHICH MAY BE CONFIDENTIAL IT IS INTENDED SOLELY FOR THE USE OF THE INDIVIDUAL OR THE ENTITY TO WHOM THEY ARE ADDRESSED. IF YOU ARE NOT THE INTENDED RECIPIENT, PLEASE BE ADVISED THAT YOU HAVE RECEIVED THIS E-MAIL IN ERROR AND THAT ANY USE, DISSEMINATION, FORWARDING OR PRINTING OF THIS E-MAIL IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS E-MAIL IN ERROR, PLEASE NOTIFY US BY RETURN E-MAIL AT THE ADDRESS ABOVE AND DELETE THE E-MAIL FROM YOUR FILES. THANK YOU FOR YOUR CO-OPERATION." ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
