Since you want to use private IP's you should probably use ISKAMPI/OAKLEY aka IKE. This will encrypt the whole packet where as FWZ or SKIP leave the IP header alone which would cause your packets to be dropped at your ISP's router. Both FWs need to know the Encryption domains of the other FW so that routing can be correctly performed. go to www.phoneboy.com it is a great resource for the Checkpoint software. There are directions there for what steps to take to get them working right. Take a look at your FW1 book VPN-1/Firewall1 reference guide.
Hope this helps,
Mike
-----Original Message-----
From: Winway [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 05, 2001 2:51 AM
To: [EMAIL PROTECTED]
Subject: VPN between Globe IP and Private IP?
RE: CheckPoint FW1 - unknown established TCP packetHi,everybody
Net-A(Globe IPs)
|
FW1-A
|
Internet
|
FW1-B(Hide NAT)
|
Net-B(Private IPs)
The network topology is shown above. I want to set up VPN between Net-A and
Net-B.
When both Net-A and Net-B are of globe IPs, I can define 2 networks on both
FWs and let them visit each other via encryption.But when Net-B is of
private IPs and visits the Internet by Hide NAT,can I still define it as a
network of private IPs on the FWs? I've tried this way,but seemed not work.
How can I do to set up VPN in this case?
Thanks.
Winway
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
