Hi,
We have a site-to-site VPN tunnel built with our vendor. Our gateway is Check Point R80.40 and the remote gateway is a Cisco ASA. The issue is this: if the remote side creates an access list with a specific source IP address, destination network, and specific ports and protocol, the VPN connection initiated from our side fails on the remote gateway. The vendor-side gateway does not accept our proposal because we are negotiating the connection with 'Any' ports and protocols, but they have allowed specific ports on their side. If they allow 'Any' ports and protocols on their side, the connection works without any issues.
With the importance of security in mind, they insist that we use specific ports and protocols.
Could someone with expertise kindly help me here: how can we negotiate specific ports and protocols during the phase 2 negotiation?