Hello again!

I have already tried to do it through the VPN Routing option while configuring the community via SmartDashboard... The problem is that Check Point drops the packets on the spoke, saying that they belong to different encryption domains. Combining 2 or more explicitly created internal_net objects into a group and placing it as an encryption domain didn't give any positive result... It seems that a dedicated local network IP acting as an encryption domain doesn't satisfy my needs. I believe one encryption domain is not enough on the central gateway. Any ideas?

wbr,

Aleks

What you want to accomplish is totally doable in CP.  However, I've never
worked with an IP-40, but I have done what you want to do using Star topo
and domain-based vpn with regular CP gateways.  Choose the VPN routing
option on your Star community props ("to center and thru center to
satellites").  You can also edit the $FWDIR/conf/vpn_route.conf file if you
need to route between different communities.  Create one rule to cover
traffic in both directions.  You can even route vpn-client to vpn-client.

Check out sk31021.  Also read the VPN Routing section of the VPN-1 PDF on
your CP media.



HTH,

Neil Delacruz



On 1/25/06, Aleks Feltin <[EMAIL PROTECTED]> wrote:
Hi folks!

I am looking for your help, which could be a solution to my issue.
I'm building a site-to-site VPN between 3 gateways. Gateways
authenticate each other using the pre-shared key.  Different VPN-1
versions are used with management installed on each. There is also one
Nokia IP-40 embedded device.

Communication between IP-40 and NGX works just perfectly, although this
is not enough. To complete the goal, a node in LAN-A should access
resources in LAN-B and vice versa.
Check Point VPN guide offers 2 ways how to implement VPN routing - based
on the VPN domain or using the OS routing. I believe the latter is much
harder.
My first question is which one could be easier to use, and where I could
find some step-by-step guides for a similar topology?
Additionally, sharing your experience is appreciated!

Here is information about the topology:

VPN Domain A -- 192.168.11.0/24
|
|
[ 192.168.11.1 ]
Firewall A  (IPSO/R55W)
[ 10.0.5.2 ]
|
|
External Network -- 10.0.5.0/24
|
|
switch ----- 10.0.5.1 Central Gateway (IPSO/NGX)
|
|
External Network 10.0.5.0/24
|
|
[ 10.0.5.4 ]
Firewall B (Nokia IP-40 embedded device)
[ 192.168.10.1 ]
|
|
VPN Domain B -- 192.168.10.0/24

I hope to get some helpful answers; also, I am ready to supply you with
additional information if needed.
with best regards,

Aleks

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

