Hi.
I tried reinstalling the tunnel and I have changed the tunnel to one tunnel per
gateway pair as I commented pkc_mls.
He had seen the workaround sk30919 but my files are different, I have the R65
version and these are the directories and files.
This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R65) HFA_50
[server]# find / -name user.def
/opt/CPsuite-R65/fw1/lib/user.def
/opt/CPngcmp-R65/lib/user.def
/opt/CPR55WCmp-R65/lib/user.def
/opt/CPvsxngxcmp-R65/lib/user.def
/opt/CPEdgecmp-R65/lib/user.def
/opt/CPEdgecmp-R65/libsw/user.def
[server]# cd $FWDIR/conf
[server]# pwd
/opt/CPsuite-R65/fw1/conf
[server]# ls -l user.*
-rwxrwx--- 1 root bin 223 Feb 9 10:26 user.def.EdgeCmp
-rwxrwx--- 1 root bin 842 Feb 9 10:29 user.def.NGCMP
-rwxrwx--- 1 root bin 847 Feb 9 10:30 user.def.NGX_R60
-rwxrwx--- 1 root bin 847 Feb 9 10:31 user.def.R55WCMP
-rwxrwx--- 1 root bin 849 Feb 9 10:32 user.def.VSXCMP
I set this lines in user.def.NGX_R60
max_subnet_for_range = {
< 130.0.0.0, 130.255.255.255; 255.0.0.0 >,
< 192.18.0.0, 192.18.255.255; 255.255.0.0 >
};
Checkpoint Support --> For NGX SmartCenter servers, the $FWDIR/lib/user.def
file has been replaced by several files. These files are in the $FWDIR/conf
directory, according to compatibility packages:
NGX Security Gateways:
user.def.NGX_R60
It´s a good option set by gateway
subnet_for_range_and_peer = {
< 1.1.1.1, 130.0.0.0, 130.255.255.255; 255.0.0.0 >,
< 2.2.2.2, 192.18.0.0, 192.18.255.255; 255.255.0.0 >
};
Thanks
Antonio
-----Mensaje original-----
De: Mailing list for discussion of Firewall-1
[mailto:[email protected]] En nombre de Gustavo Rios P
Enviado el: lunes, 08 de febrero de 2010 17:36
Para: [email protected]
Asunto: Re: [FW-1] Problems with VPN tunnel subneting
Hi Antonio,
Every time I have this "Check Point VPN supernetting thing" I have solve the
issue as instructed on sk30919.
I know that you already told us that you try this sk, so my comment is:
It's important to know the Management Server or SmartCenter Server version,
because if it's running R70 o above, you will need to edit the file
$FWDIR/conf/user.def.NGX_FLO
This is how my file looks:
[exp...@fw-1]# more $FWDIR/conf/user.def.NGX_FLO
#ifndef __user_def__
#define __user_def__
//
// User defined INSPECT code
//
max_subnet_for_range = {
<10.150.0.0, 10.150.0.255; 255.255.255.0>,
<10.152.0.0, 10.152.0.255; 255.255.255.0>
};
#endif /* __user_def__ */
That info is NOT on sk30919.
I hope this helps...
_______________________________
Gustavo Ríos P.
Network Security Engineer
email: [email protected]
www.cybertechprojects.com
Telf.: +58 212 266 1980/ 2503
Cel: +58 412 801 4879
Fax: +58 212 266 9995
******************************************************
NOTA CONFIDENCIAL: La información contenida en este E-mail es confidencial y
sólo puede ser utilizada por la persona o la compañía a la cual está
dirigido y/o por el emisor. Si no es el receptor autorizado, cualquier
retención, difusión, distribución o copia de este mensaje es prohibida y
será sancionada por la ley. Si por error recibe este mensaje, favor
devolverlo y borrar el mensaje recibido inmediatamente.
CONFIDENTIAL NOTE: The information in this E-mail is intended to be
confidential and only for use of the individual or entity to whom it is
addressed and/or the issuer. If you are not the intended recipient, any
retention, dissemination, distribution or copying of this message is
strictly prohibited and sanctioned by law. If you receive this message by
error, please immediately send it back and delete the message received.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Antonio
Barrantes
Sent: Jueves, 04 de Febrero de 2010 09:20 a.m.
To: [email protected]
Subject: [FW-1] Problems with VPN tunnel subneting
Hi,
I have problems whit a VPN tunnel. This publishing a 9-bit network when it
should be 8 bits.
The configuration is correct. I have done the solutions that Checkpoint
Support has sk26336 sk30919.
The problen is not resolve.
Do you have any idea?
Thanks
Antonio
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
