Hi all,
Firewall and manager are R81. user.def.FW1 is the file I edited, and the range is shown:
localhost:
-------- subnet_for_range_and_peer --------
static, id 540
<cb00713a, 0a1fef00, 0a1fefff; ffffff00>
In the community settings I set ike_p2_enable_supernet_from_R80.20 to false.
I changed global ike_use_largest_possible_subnets to false and pushed policy, but still failing. My test Juniper firewall shows:
Traffic-selector mismatch, vpn name: CHECKPOINT-VTI, Peer Proposed traffic-selector local-ip: ipv4(0.0.0.0-255.255.255.255), Peer Proposed traffic-selector remote-ip: ipv4(0.0.0.0-255.255.255.255)
Here's the globals before I edited the supernet:
There must be something else I'm missing but I can't see what.