I haven't had much experience with devices with dynamic IPs, but when you create a new object as Interoperable Device, you can select the option of "Dynamic Address" and then create an interface in the Topology section as dynamically assigned, which tells me you can in fact make it work.
The deal is that, as far as I can see while doing some testing, you must work with certificates and seems like pre-shared keys is not an accepted method, as after creating such a dynamic object, I keep getting messages about the requirement of choosing a CA. Although it is a lot more complicated to do in Cisco IOS than using plain preshared keys, you could in fact generate a certificate from the CheckPoint ICA and load it on the router. Regards On 1/15/07, cisco4ng <[EMAIL PROTECTED]> wrote:
Hi All, Wondering if someone can help me with this? I have a customer that recently migrated from a Cisco IOS router aththe HQ over to Checkpoint NGx firewall. On the IOS router, they have a site-2-site VPN between this IOS router and another IOS router at a remote branch. The IOS router at the remote branch gets its IP address from the ISP via DHCP so it IP address changes every couple days or so. On the IOS router at the HQ, I setup the VPN to accept ISAKMP and ESP from "any" via "isakmp key xxxx address 0.0.0.0 netmask 0.0.0.0". I make the pre-share key to be 200 characters long so if the pre-share and the encryption domain matches, the VPN will work and it works. When the customer migrates over to NGx Firewall at the HQ, I don't know how to make it work with "isakmp key xxxx address 0.0.0.0 netmask 0.0.0.0" in IOS router with NGx firewall at the HQ. Can someone help me with this? In other words, I want the NGx to accept isakmp/esp from "any" and have the vpn tunnel up and running once the pre-share and encryption domain matches. Thanks. cisco4ng --------------------------------- Never miss an email again! Yahoo! Toolbar alerts you the instant new Mail arrives. Check it out. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
