tag:blogger.com,1999:blog-1532920267188739518.post8525810356159402358..comments2024-03-20T17:11:03.506-05:00Comments on Firewall Guru: Advanced IPSEC VPNs - Phase 2 Quick Mode SelectorsSebastianhttp://www.blogger.com/profile/15029150331907372597noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-1532920267188739518.post-18522684066489666472017-04-18T02:20:23.229-05:002017-04-18T02:20:23.229-05:00This comment has been removed by a blog administrator.Anonymoushttps://www.blogger.com/profile/07024067528672289072noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-87978033912403576342014-04-11T07:31:25.893-05:002014-04-11T07:31:25.893-05:00This comment has been removed by the author.Anonymoushttps://www.blogger.com/profile/06255714367387349576noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-55419687254820634492012-10-04T10:17:54.827-05:002012-10-04T10:17:54.827-05:00If you try to connect a astaro sophos gateway with...If you try to connect a astaro sophos gateway with more than one subnets and a fortigate with more than one subnet, you have also to create seperate phase2 configurations for every combination.<br />it does not work with one phase2 and a source group and a destination group.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-58288693311902984382009-10-26T12:55:38.640-05:002009-10-26T12:55:38.640-05:00Good point. With VPNs to Cisco I typically end up ...Good point. With VPNs to Cisco I typically end up creating one Phase I and multiple Phase 2 configurations.Sebastianhttps://www.blogger.com/profile/15029150331907372597noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-13453531046000848642009-10-26T12:46:37.021-05:002009-10-26T12:46:37.021-05:00The Option 'set src-addr-type name' will l...The Option 'set src-addr-type name' will let you to enter the group name in the VPN Domain. But his is not always compatiable with the other vendors. Cisco and FGT will not support this option. The Tunnel will be UP but the communication will be possible from ONLY from the first entity of the group from either ends.<br /><br />Regards, <br />Niranjana BSNiranjana B.Shttps://www.blogger.com/profile/07927400948349966808noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-74835589733697693922009-08-19T12:49:44.198-05:002009-08-19T12:49:44.198-05:00Hey, just wanted to leave an FYI - if you use addr...Hey, just wanted to leave an FYI - if you use addr-type name on src or dst, you have to do it for the other. In other words, you can't have a name on one and a static IP/range/subnet on the other... you need to define a nameset. It will unhelpfully not tell you this until you hit end, at which point it will just bomb out and revert your changes. Lame!Lidofidohttps://www.blogger.com/profile/10632973420377612730noreply@blogger.com