1. when you or your peer firewall behind NAT, ip address for Peer ID always can not match, even you configure the remote firewall use the public ip, and the the peer ID, firewall identifier not working either, does not matter how you configure, but Domain name is working if it match the configuration of remote setting
2. if you want to access the firewall itself, permit any zone of subnet won't work, you need additional firewall rule to permit the interface as well
3. if you want to monitoring the firewall use SNMP, you also need check snmp in advanced setting of VPN
No comments:
Post a Comment