I noticed that when running an environment with multiple entrypoints for
SecuRemote (hybrid mode flag set) and these entrypoints are connected
together with IKE, the VPN connections between the entrypoints won't work.

Example:

site A       ---- VPN(IKE) ----    site B
SR hybrid                          SR hybrid
mode IKE                           mode IKE

The VPN connection between site A and site B won't work (=> encryption
failure: error occured scheme: IKE).
But if I remove the SR hybrid mode flag on site B, the VPN connection
between site A/B works again.

But I need hybrid mode IKE for central SR user authentication....
My trick to solve this problem was to change the encryption type to SKIP
between the entrypoints.
Now I can use SR hybrid mode for every entrypoint and the VPN connection
between the sites still works.

(tech info: fw1 4.1sp2 linux, sr4176 win)

Or is there another way to fix this situation?

regards,

mike
