I think you may have to use the DAIP module on the new NGX gateway for this to work.
-GS -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Monday, January 15, 2007 10:25 AM To: [email protected] Subject: [FW-1] VPN assistance Hi All, Wondering if someone can help me with this? I have a customer that recently migrated from a Cisco IOS router aththe HQ over to Checkpoint NGx firewall. On the IOS router, they have a site-2-site VPN between this IOS router and another IOS router at a remote branch. The IOS router at the remote branch gets its IP address from the ISP via DHCP so it IP address changes every couple days or so. On the IOS router at the HQ, I setup the VPN to accept ISAKMP and ESP from "any" via "isakmp key xxxx address 0.0.0.0 netmask 0.0.0.0". I make the pre-share key to be 200 characters long so if the pre-share and the encryption domain matches, the VPN will work and it works. When the customer migrates over to NGx Firewall at the HQ, I don't know how to make it work with "isakmp key xxxx address 0.0.0.0 netmask 0.0.0.0" in IOS router with NGx firewall at the HQ. Can someone help me with this? In other words, I want the NGx to accept isakmp/esp from "any" and have the vpn tunnel up and running once the pre-share and encryption domain matches. Thanks. cisco4ng --------------------------------- Never miss an email again! Yahoo! Toolbar alerts you the instant new Mail arrives. Check it out. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
