The other 2 location's were created as 'Externally managed checkpoint gateways', and don't show up as objects that I can add to the remote access community.
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jon Still Sent: Wednesday, September 21, 2005 12:33 PM To: [email protected] Subject: Re: [FW-1] SecuRemote - mulitple sites Brian Hope wrote: > I have 3 offices connected together with site to site vpn's. I'm > using SecuRemote when I'm not at the office, to connect to my main office. > When I'm connected to the main office, I can reach everything at that > location, but not at the other offices that are connected to the main > office via the site to site vpn's. The way I've done this is to have a single site/profile in SecuRemote and to ensure that all the relevant firewalls are part of the remote access community. Using SecuRemote I connect to the main office (using Connect Mode) which gives me access to anything in it's encryption domain. If I want to access anything behind another gateway, I'm prompted to authenticate once I try to access anything in that other encryption domain (much like transparent mode). I imagine that caching passwords on the client will eliminate this 2nd authentication prompt but that doesn't work if you've got some kind of one time password (RSA, etc). In this way I'm setting up tunnels to each individual site - however I've not needed to use any extra profiles for this. So long as the client's topology is up to date I believe this should "just work". Hope this helps. Jon. -- Jon Still E-mail: [EMAIL PROTECTED] tertial.org Web: http://www.tertial.org/ GPG Key: http://xanthein.net/key.asc Key ID: 0x00493D2B ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
