Site to Site VPN R55 and R60 HFA03

The message appeared when I tried to create the Externally
Managed Check
Point Gateway not the local gateway. This external gateway
does not have
any interfaces in the topology section. What option should I
select for
the Externally Managed Check Point Gateway in the Link
Selection?

Thanks 

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Sergio
Alvarez
Sent: Monday, October 23, 2006 4:58 PM
To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Site to Site VPN R55 and R60 HFA03

The issue you have is not related with the fact that you
have R55 and
R60 on
both ends, nor that you are using shared-secret.

First make sure the main IP address you have on the gateway
object
(properties > general tab) is in fact one of the IPs
configured on the
machine NICs and if it is and it is not the external one, or
at least
the
one you are using to establish the VPN with the other
gateway, go to the
the
Link seleccion options of the gateway object (properties
>Link
Selection)
and change the "main IP" method for something
different.

For more info about Link Selection, check out the VPN pdf
document for
NGX.

Regards

On 10/23/06, Sam Nimjareansuk <Sambbcpa.com> wrote:
>
> We currently have a Site to Site VPN between three
different locations
> running Check Point R55.
>
>
>
> I'm conducting a test for R60 by creating an Externally
Managed Check
> Point Gateway for a Site to Site VPN (Mesh VPN
Community), the
following
> message appeared:
>
>
>
> You have chosen the "main IP" method of IP
selection for VPN Link
> Selection. However, this gateway's main IP is not a
member of Topology
> table. Under this configuration Link select will not be
functional.
>
>
>
> Is anyone able to setup a site to site VPN successful
between R55 and
> R60 using manual SHARED SECRET?
>
>
>
> Sam Nimjareansuk
>
>
>
>
>
>
> This message contains confidential information and is
intended only
for
> fw-1-mailinglistus.checkpoint.com. If you are not the
named addressee
you
> should not disseminate, distribute or copy this e-mail.
Please notify
the
> sender immediately if you have received this e-mail by
mistake and
please
> delete this e-mail from your system. Finally, the
recipient should
check
> this email and any attachments for the presence of
viruses. Bond Beebe
> Advisors & Accountants accepts no liability for any
damage caused by
any
> virus transmitted by this email. 23/10/2006
> Bond Beebe Advisors & Accountants, 4600 East-West
Highway, Suite# 900,
> Bethesda, MD, 20814-3423, US, www.bbcpa.com
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
(506)8301342

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

This message contains confidential information and is
intended only for Mailing list for discussion of Firewall-1.
If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify
the sender immediately if you have received this e-mail by
mistake and please delete this e-mail from your system.
Finally, the recipient should check this email and any
attachments for the presence of viruses. Bond Beebe Advisors
& Accountants accepts no liability for any damage caused
by any virus transmitted by this email. 24/10/2006
Bond Beebe Advisors & Accountants, 4600 East-West
Highway, Suite# 900, Bethesda, MD, 20814-3423, US,
www.bbcpa.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================

To be honest I thought you were talking about your gateway,
not the
externally managed one, as I have seen that message before.
I have
configured VPNs with externally managed gateways before and
never had that
issue but I guess you can try 2 things:

1) Fill the topology table of the externally managed gateway
manually (at
least the external IP could help). That way your firewall
knows what is on
the other end.
2) Go to Link Selection and select the "Use a probing
method" option, you
can then hit the "configure" button and add the IP
address you want your
firewall to use to establish the VPN and in that way make it
forget about
looking for the topology info.

I would say option number 2 sounds more likely the one to
go, but again,
this is all something I'm suggesting after trying to guess
what causes the
error.

I hope it helps.

Regards

On 10/24/06, Sam Nimjareansuk <Sambbcpa.com> wrote:
>
> The message appeared when I tried to create the
Externally Managed Check
> Point Gateway not the local gateway. This external
gateway does not have
> any interfaces in the topology section. What option
should I select for
> the Externally Managed Check Point Gateway in the Link
Selection?
>
> Thanks
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM]
On Behalf Of Sergio
> Alvarez
> Sent: Monday, October 23, 2006 4:58 PM
> To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
> Subject: Re: [FW-1] Site to Site VPN R55 and R60 HFA03
>
> The issue you have is not related with the fact that
you have R55 and
> R60 on
> both ends, nor that you are using shared-secret.
>
> First make sure the main IP address you have on the
gateway object
> (properties > general tab) is in fact one of the IPs
configured on the
> machine NICs and if it is and it is not the external
one, or at least
> the
> one you are using to establish the VPN with the other
gateway, go to the
> the
> Link seleccion options of the gateway object
(properties >Link
> Selection)
> and change the "main IP" method for something
different.
>
> For more info about Link Selection, check out the VPN
pdf document for
> NGX.
>
> Regards
>
> On 10/23/06, Sam Nimjareansuk <Sambbcpa.com> wrote:
> >
> > We currently have a Site to Site VPN between three
different locations
> > running Check Point R55.
> >
> >
> >
> > I'm conducting a test for R60 by creating an
Externally Managed Check
> > Point Gateway for a Site to Site VPN (Mesh VPN
Community), the
> following
> > message appeared:
> >
> >
> >
> > You have chosen the "main IP" method of
IP selection for VPN Link
> > Selection. However, this gateway's main IP is not
a member of Topology
> > table. Under this configuration Link select will
not be functional.
> >
> >
> >
> > Is anyone able to setup a site to site VPN
successful between R55 and
> > R60 using manual SHARED SECRET?
> >
> >
> >
> > Sam Nimjareansuk
> >
> >
> >
> >
> >
> >
> > This message contains confidential information and
is intended only
> for
> > fw-1-mailinglistus.checkpoint.com. If you
are not the named addressee
> you
> > should not disseminate, distribute or copy this
e-mail. Please notify
> the
> > sender immediately if you have received this
e-mail by mistake and
> please
> > delete this e-mail from your system. Finally, the
recipient should
> check
> > this email and any attachments for the presence of
viruses. Bond Beebe
> > Advisors & Accountants accepts no liability
for any damage caused by
> any
> > virus transmitted by this email. 23/10/2006
> > Bond Beebe Advisors & Accountants, 4600
East-West Highway, Suite# 900,
> > Bethesda, MD, 20814-3423, US, www.bbcpa.com
> >
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERVamadeus.us.checkpoint.com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http:
//www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-ownerts.checkpoint.com
> > =================================================
> >
>
>
>
> --
> Sergio Alvarez
> (506)8301342
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>
> This message contains confidential information and is
intended only for
> Mailing list for discussion of Firewall-1. If you are
not the named
> addressee you should not disseminate, distribute or
copy this e-mail. Please
> notify the sender immediately if you have received this
e-mail by mistake
> and please delete this e-mail from your system.
Finally, the recipient
> should check this email and any attachments for the
presence of viruses.
> Bond Beebe Advisors & Accountants accepts no
liability for any damage caused
> by any virus transmitted by this email. 24/10/2006
> Bond Beebe Advisors & Accountants, 4600 East-West
Highway, Suite# 900,
> Bethesda, MD, 20814-3423, US, www.bbcpa.com
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERVamadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http:
//www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ownerts.checkpoint.com
> =================================================
>



-- 
Sergio Alvarez
(506)8301342

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================