Are there any faqs for fw-1 and asl vpn configuration? When I tried out 3Des vpn between these fw's, checkpoint complained about "no matching encryption methods between these two gw's".
We're connecting with a Client with CheckPoint VPN using two ASL 2.026 firewalls.
We elected to use shared secrets, as the client couldn't figure out how to use RSA keys. After changing the key refresh times on their end, things have worked fine. It appears you can't use PFS with CheckPoint, however.
Unfortunately, I don't have the gory details of the install on their end, but I can state that we've worked flawlessly since deployment.
CheckPoint also seems to recover from VPN "hiccups" when changing firewall rules much better than Cisco concentrators. With Cisco, you bounce it a few times, and the connection will not come back unless you completely disable VPN and then reenable it within the firewall. Odd behaviour, but we've learned to deal with it (and to only make packet filter changes during off-peak hours).
