I am very new to NG. We upgraded recently directly from 4.1. We run VPN tunnels to all different kinds of peers, like Symantec/Velociraptor, Watchguard/Firebox, Cisco, Linux/FreeSWan, Zywall 10, Checkpoint 4.1, and it was a hell of a task to get them all running again on NG in traditional mode. Now I would like to utilize VPN Routing, especially for the SecureRemoteClients, to make the VPN-connected sites available to them.
I was told that this works only in simplified mode, but I am afraid to switch to simplified mode since I heard a lot of bad stories about it, especially when you have to deal with many different VPN peers requiring different and dedicated settings.
I don't understand why VPN Routing is only available in simplified mode. From my understanding, "Simplified mode" is just another visual presentation, but from the firewall's point of view, both methods generate a ruleset.
So my question rather is: Is there a way to utilize VPN routing in traditional mode by making required modifications manually in files?
I know it sounds a bit basic, but if no one can supply any better advice, try reading the VPN-1 guide with NG R55. On page 238 of the guide it says that VPN routing between gateways that are not members of a VPN Community is configured by editing the configuration file $FWDIR\conf\vpn_route.conf.
On one of the firewalls I configure with its own management station, I have converted its policy to simplified without too many problems. The VPN routing for our SecureClient users works fine, so someone can SecureClient into the firewall and can connect through a firewall-to-firewall VPN to a device beyond the other firewall.