Re: [FW-1] vpn between ngx r60 and pix

Thu, 30 Aug 2007 18:29:18 -0700

There is a default setting in CP that may be causing your problem. Using GUIDbedit look for IKE_USE_LARGEST_POSSIBLE_SUBNET (or something very similar) and change it from TRUE to FALSE and push the policy.
For some ancient reason, only in a site to site VPN, FW-1 will supernet adjacent subnets in an encryption domain. For example, if you have 


172.16.17.0/24 and 172.16.18.0/25 defined, FW-1 will send its topology to 
the other side as 172.16.17.0/23, which Cisco devices really, really hate if 
they're not set up for it that way. The above change will stop that 
behavior.


Ray



From: Luca Rossi <[EMAIL PROTECTED]>

Reply-To: Mailing list for discussion of Firewall-1              
<[email protected]>

To: [email protected]
Subject: [FW-1] vpn between ngx r60 and pix
Date: Thu, 30 Aug 2007 16:34:41 +0200

Hi all,
I need to do a vpn between ngx r60 and cisco pix.  Any
documento o link?

I tried to do a vpn but the smart view tracker give me
this error

encryption fail reason: Packet is dropped because
there is no valid SA - please refer to solution
sk19423 in SecureKnowledge Database for more
information
 any help?
By
Thanks



      ___________________________________

L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: 
http://it.docs.yahoo.com/nowyoucan.html


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================


_________________________________________________________________

Now you can see troubleĀ…before he arrives 
http://newlivehotmail.com/?ocid=TXT_TAGHM_migration_HM_viral_protection_0507


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================






















					Reply via email to