That was it. I indirectly got it working by specifying that it did have
FW-1 installed and the version was 4.0 - after that it grayed out the
option. Thanks!
Jamie
-----Original Message-----
From: Gaughan, Daniel [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 16, 2000 9:46 AM
To: MIS Security Alerts; [EMAIL PROTECTED]
Subject: RE: [FW1] IKE VPN between two FW1 Machines
You need to de-select the following checkbox on your 4.1 SP2 policy.
Workstation object -> VPN tab -> IKE (Edit button) -> Support keys exchange
for subnets.
Hope that helps,
Daniel Gaughan
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 15, 2000 5:14 PM
To: [EMAIL PROTECTED]
Subject: [FW1] IKE VPN between two FW1 Machines
I will keep this short and sweet in the hopes that it gets read and possibly
even a response. I am trying to do a VPN between a FW1 4.0 Sp6 machine and
a FW1 4.1 Sp2 machines. Here is what I have defined:
Subnet A: 172.18.8.0 255.255.252.0
Subnet B: 172.18.4.0 255.255.252.0
Both Firewalls have the licensing installed on the External Interface. The
encryptions domains for both firewalls are the local subnets (A for 1, B for
2) plus the external hosts I am doing NAT on, i.e. the webserver, the smtp
server. Here are my 2 rules and the error messages I get.
1. Subnet A SubnetB Any Encrypt
2. SubnetB SubnetA Any Encrypt
Nat Rules:
1. SubnetA SubnetB Any Original Original Original
Nat Rules (for other machine):
2. SubnetB SubnetA Any Original Original Original
The log error messages I get are as follows....
ISAKMP Log: Sent Notification: invalid id information <phase2 stage1>: peer
may have sent an ID of type subnets, which is not supported in this version
Negotiation Id: 2d30cfb5
Cheers,
Jamie
The information transmitted by the following E-Mail is intended only for the
addressee and may contain confidential and/or privileged material. Any
interception, review, retransmission, dissemination, or other use, or taking
any action upon this information by persons or entities other than the
intended recipient is prohibited by law and may subject them to criminal or
civil liability. If you received this communication in error, please contact
us immediately at 954-730-2900 ext. 3600 and delete the communication from
any computer or network system.
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
The information transmitted by the following E-Mail is intended only for the addressee
and may contain confidential and/or privileged material. Any interception, review,
retransmission, dissemination, or other use, or taking any action upon this
information by persons or entities other than the intended recipient is prohibited by
law and may subject them to criminal or civil liability. If you received this
communication in error, please contact us immediately at 954-730-2900 ext. 3600 and
delete the communication from any computer or network system.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
