Netscreen <-> Checkpoint FW-1
Jose Muniz
MuniX-1 at PACBELL.NET
Sat Aug 19 03:06:17 EDT 2000
Hello guys and girls,
I am having some problems with interoperability between Netscreen NS-100
in HA mode and Checkpoint FW-1.
I can get them to work just fine [IKE], and actually it performs better
thatn FW-1 to FW-1.
Here is the kicker:
When I fail one of the NS, the rekey negotiation hangs for a few
secconds,
about 30 or so.
I have been tweaking with the lifetimes [Phase 2] and I have tunned it
to 120 secconds, on the Fw-1. Not too good!!
Does anybody has a work around with this, it would be thankfully
appreciated.
As I said it works just fine, the problem is when the HA kicks in..
Jose Muniz
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list