RE: [fw1-gurus] VPN difficulties.



Not sure if it will solve the problem; however, it did for us in one case.
You may want to go to the properties of the Interoperable Device that
you have defined for the Sonicwall, go to the VPN Advanced Properties,
and uncheck the "Support key exchange for subnets" feature. Just another
thing to try :)


Kurt Falde
LandAmerica INFO1


-----Original Message-----
From: skearley@xxxxxxxxxxxxxxxxxxxxx
[mailto:skearley@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, December 29, 2003 2:58 PM
To: fw1-gurus@xxxxxxxxxxxxxxxxxx
Subject: [fw1-gurus] VPN difficulties.

I posted to this group earlier regarding problems I have been having
with establishing a VPN between our Checkpoint NG-AI firewall and our
system companies Sonicwall Firewalls.  While I did receive indication
that some of you have this working, and received some pointers as to
what to look out for, I have so far been unsuccessful in getting this
to work.

I have recently received a Sonicwall from one of our sister companies,
and have been able to work on this myself, and have noticed the
following entry in the Sonicwall log

"IKE Responder: No match for proposed remote network address" with a
note field 192.168.100.0/22

I have read some postings here regarding NG's attempts to combine
consecutive network address ranges into single supernetted addresses.  I
have defined all the individual subnets that we use within the company
and created a group with these networks and used this group as the
encryption domain.  For our VPNs to our sister companies, they have need
to access only 1 or sometimes 2 of our subnets.  If what I think is happening however
is correct, Checkpoint is combining a group of subnets, and this is
confusing the Sonicwall which is attempting to access only 2 subnets
within this group.

Can anyone provide some insight into how I might overcome this problem
or if in fact this is my problem.

Thanks in advance
Shawn Kearley
======================================
Shawn Kearley
Infrastructure Analyst
Newfoundland Power Co. Ltd.

Phone: (709) 737-5724
Fax:   (709) 737-5832
Email: skearley@xxxxxxxxxxxxxxxxxxxxx




---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus) To
unsubscribe, mailto:fw1-gurus-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, mailto:fw1-gurus-help@xxxxxxxxxxxxxxxxxx
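
The supernetting mismatch discussed in this thread, as an added example that is not part of either message. It assumes the gateway's combining of consecutive subnets can be modelled with Python's `ipaddress.collapse_addresses`; the function names are hypothetical and every subnet other than 192.168.100.0/22 is constructed.

```python
import ipaddress

def proposed_selectors(encryption_domain):
    """Assumed model of the gateway's supernetting: merge adjacent or
    overlapping subnets into the fewest networks that cover them exactly."""
    nets = [ipaddress.ip_network(n) for n in encryption_domain]
    return list(ipaddress.collapse_addresses(nets))

def check_against_peer(encryption_domain, peer_networks):
    """Compare each proposed network with what the peer has configured.

    match           peer has exactly this network
    mismatch        peer has an overlapping but different network, so a
                    responder that needs an exact match rejects it
    not-configured  peer has nothing overlapping this network
    """
    peer = {ipaddress.ip_network(n) for n in peer_networks}
    report = []
    for proposal in proposed_selectors(encryption_domain):
        if proposal in peer:
            status = "match"
        elif any(p.overlaps(proposal) for p in peer):
            status = "mismatch"
        else:
            status = "not-configured"
        report.append((str(proposal), status))
    return report

# Constructed sample data (only 192.168.100.0/22 appears in the thread).
DOMAIN = ["192.168.100.0/24", "192.168.101.0/24",
          "192.168.102.0/24", "192.168.103.0/24", "10.20.0.0/24"]
PEER = ["192.168.100.0/24", "192.168.101.0/24"]

if __name__ == "__main__":
    for network, status in check_against_peer(DOMAIN, PEER):
        print(f"{network:20} {status}")
```

Under this model, trimming the encryption domain to the two adjacent /24s still yields a single 192.168.100.0/23, so the peer's definitions have to match the merged network unless the merging is turned off.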
