Hi lads,
I've been trying to configure a VPN between a Check Point NG (FP1 and
FP3) and a Cisco Concentrator 3000 VPN. Finally, I was able to establish
the tunnel. I had the following problem:


   |-------[CP NG FP3]----Internet----[Cisco]----|
Net 1                                          Net 2

When I ping (as in access anything at all) from Net 2 to Net 1,
everything is fine... When you try to ping from Net 1 to Net 2, only
phase 1 is completed but phase 2 isn't. The message that I get in both
logs is that the Cisco is sending a "delete SA" message to the Check
Point peer.
After some research, I found out that this is due to the Cisco peer:
both encryption domains must be set exactly alike. I mean, both
encryption domains must be configured as the same subnetwork... it is
not possible for you to have a Class B encryption domain defined for the
Check Point (in the Check Point object) and a Class C encryption domain
defined on the Cisco side (for the Check Point encryption domain).

I configured the same subnet as the Check Point encryption domain in
both peers, and everything worked fine.

Now, I have the following question for you guys... what if I have a
group defined on the Check Point side as the encryption domain? It is
not possible to configure a group on the Cisco side... it has like a
field that you can fill with a subnet and a mask (I don't know that much
about the Cisco concentrator, actually, I don't know anything at all!
That's why I came to you...). Is it possible to define like a group, or
a list, as an encryption domain?

What should/can I do?

Cheers, and thanks,

LB
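
The exact-match requirement described in the post can be checked offline before a tunnel is brought up. The following is an added example, not part of the original post: it compares one encryption domain as each peer defines it and flags entries whose masks differ. The function name and the sample networks are constructed for illustration.

```python
import ipaddress


def compare_encryption_domains(checkpoint_side, cisco_side):
    """Compare one encryption domain as it is defined on each peer.

    Both arguments are lists of IPv4 CIDR strings. Returns a list of
    (status, checkpoint_net, cisco_net) tuples. Anything other than
    "match" is a definition the two peers do not agree on exactly.
    """
    # strict parsing: a typo such as 172.16.10.1/24 raises ValueError
    cp = {ipaddress.ip_network(n) for n in checkpoint_side}
    cs = {ipaddress.ip_network(n) for n in cisco_side}

    findings = [("match", n, n) for n in sorted(cp & cs)]
    cp_only, cs_only = cp - cs, cs - cp
    paired = set()

    for a in sorted(cp_only):
        # Same address space but a different mask, e.g. a /16 on one
        # peer and a /24 on the other (the Class B vs Class C case).
        overlaps = [b for b in sorted(cs_only) if a.overlaps(b)]
        if overlaps:
            for b in overlaps:
                findings.append(("mask-mismatch", a, b))
                paired.add(b)
        else:
            findings.append(("missing-on-cisco", a, None))

    for b in sorted(cs_only - paired):
        findings.append(("missing-on-checkpoint", None, b))
    return findings


def mismatches(findings):
    """Keep only the entries that are not exact matches."""
    return [f for f in findings if f[0] != "match"]


if __name__ == "__main__":
    # Constructed sample: Net 1 defined as a /16 in the Check Point
    # object but as a /24 on the Cisco side.
    cp_view = ["172.16.0.0/16", "192.168.5.0/24"]
    cisco_view = ["172.16.10.0/24", "192.168.5.0/24"]
    for status, a, b in compare_encryption_domains(cp_view, cisco_view):
        print(f"{status:22} checkpoint={a} cisco={b}")
```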
