Hi all, I just thought I'd let you know that I've fixed the problem. The problem was that FP3 HF2 was supernetting my VLANs during its IKE negotiation to the Linksys (even though it was not supposed to after following sk16536), and the Linksys had the networks defined individually. Once I went onto the Linksys and defined the supernetted networks everything was fine. Either way, the Linksys could access behind FW-1 with no problems.
For the record, I have my rules defined as follows:

Security:

Source:          Destination:     Service:   Action:
FW1Group_A       LinksysGroup_B   Any        Encrypt
LinksysGroup_B   FW1Group_A       Any        Encrypt

Address Translation:

Source:          Destination:     Service:   Destination:
FW1Group_A       LinksysGroup_B   Any        Original
LinksysGroup_B   FW1Group_A       Any        Original

The Linksys is defined as an Interoperable Device that supports 3DES, DES, Pre-Shared Secret, MD5 and SHA-1. It also supports DH Group 1 and Group 2 (but not Aggressive mode, which doesn't work). Its VPN Domain is LinksysGroup_B containing its network object. The IKE Phase 2 Properties are 3DES, SHA1, No compression, Linksys selected as gateway, PFS Using DH Group 2.

That's it. The problem was the networks in my FW1Group_A were contiguous, so FW-1 was offering a supernetted address during IKE negotiation. I calculated what it was offering and defined the tunnels on the Linksys using the supernetted addresses and everything was OK.

Chris
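The calculation described in the post (working out which supernets a gateway offers for contiguous networks, and which peer tunnel definitions therefore need changing), as an added example that is not part of the original message. It assumes the gateway proposes the plain CIDR aggregate of its encryption domain; the function names and the 10.1.x.x networks are constructed for illustration, so check the result against the proposal actually seen during negotiation.

```python
import ipaddress


def offered_selectors(encryption_domain):
    """Aggregate the local networks into the fewest CIDR blocks that cover
    exactly the same addresses (assumed model of the supernetted offer)."""
    nets = [ipaddress.ip_network(n) for n in encryption_domain]
    return list(ipaddress.collapse_addresses(nets))


def peer_changes(encryption_domain, peer_selectors):
    """Map each offered block the peer has no exact entry for to the
    individually defined peer entries that it would replace."""
    configured = {ipaddress.ip_network(n) for n in peer_selectors}
    changes = {}
    for offer in offered_selectors(encryption_domain):
        if offer in configured:
            continue  # the peer already has a matching tunnel definition
        covered = [n for n in sorted(configured) if n.subnet_of(offer)]
        changes[str(offer)] = [str(n) for n in covered]
    return changes


# Constructed sample: four contiguous /24 VLANs plus one isolated /24.
LOCAL_DOMAIN = [
    "10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24",
    "10.1.8.0/24",
]
# The peer starts out with every network defined individually.
PEER_TUNNELS = list(LOCAL_DOMAIN)

if __name__ == "__main__":
    print("Offered:", [str(n) for n in offered_selectors(LOCAL_DOMAIN)])
    for offer, old in peer_changes(LOCAL_DOMAIN, PEER_TUNNELS).items():
        print(f"Define {offer} on the peer in place of {', '.join(old)}")
```

Contiguous networks only merge when they fall on a shared prefix boundary, so 10.1.1.0/24 and 10.1.2.0/24 stay separate even though they are adjacent.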
