[Date Prev][Date Next][Thread Prev][Thread Next][Thread Index]

[fw1-gurus] VPN difficulties.

Subject: [fw1-gurus] VPN difficulties.
From: skearley@xxxxxxxxxxxxxxxxxxxxx
To: fw1-gurus@xxxxxxxxxxxxxxxxxx
Date: Mon, 29 Dec 2003 16:27:56 -0330

I posted to this group earlier regarding problems I have been having with
establishing a VPN between our Checkpoint NG-AI firewall and our system
companies Sonicwall Firewalls.  While I did receive indication that some of
you have this working, and received some pointers as to what to look out
for, I have so far been un-successful in getting this to work.

I have recently received a Sonicwall from one of our sister companies, and
have been able to work on this myself, and have noticed the following entry
in the Sonicwall log

"IKE Responder: No match for proposed remote network address" with a note
field 192.168.100.0/22

I have read some postings here regarding NG's attempts to combine
consecutive network address ranges into single supernetted addresses.  I
have defined all the individual subnets that we use within the company and
created a group with these networks and used this group as the encryption
domain.  For our VPNs to our sister companies, they have need to access only
1 or sometimes 2 of our subnets.  If what I think is happening however is
correct, Checkpoint is combining a group of subnets, and this is confusing
the Sonicwall which is attempting to access only 2 subnets within this
group.

Can anyone provide some insight into how I might overcome this problem or if
in fact this is my problem.

Thanks in advance
Shawn Kearley
======================================
Shawn Kearley
Infrastructure Analyst
Newfoundland Power Co. Ltd.

Phone: (709) 737-5724
Fax:   (709) 737-5832
Email: skearley@xxxxxxxxxxxxxxxxxxxxx



======================================
Shawn Kearley
Infrastructure Analyst
Newfoundland Power Co. Ltd.

Phone: (709) 737-5724
Fax:   (709) 737-5832
Email: skearley@xxxxxxxxxxxxxxxxxxxxx


---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus)
To unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx

Prev by Date: RE: [fw1-gurus] AI - VRRP Configuration
Next by Date: RE: [fw1-gurus] Constant disco/reconnects for Securemote users
Previous by thread: [fw1-gurus] VPN Keepalives?
Next by thread: RE: [fw1-gurus] VPN difficulties.
Index(es):
- Date
- Thread