Thanks for your reply, Sir.
Regarding the points stated here, I have a couple of questions I hope you can
answer:
1.- You said: [ if you set a vpn community between your gateway and site b,
and specify "accept all encrypted traffic" in the community or create a
dedicated rule for vpn traffic, you'll see ipsec traffic between the network
behind your gateway and the network behind site B's gateway.]
Q1: That is what I have done and I get an error inside the tracker when I
send traffic to site A saying that: "encryption fail reason: Packet is
dropped because there is no valid SA - please refer to solution sk19423 in
SecureKnowledge Database for more information "
2.- You said: [you can also set another rule to allow some traffic to site
A. as site A is not part of any community, the traffic is IP only. ].
Q2: When I do this I get the error stated in Q1, even if I put the rule over
the vpn rule. What I am doing is making a mesh community and putting inside it
my module checkpoint NGX and also the host at site B. Do I need to
place/move it anywhere else? Maybe I am forgetting something. Could someone
send a paper unicast to me? I will really appreciate your help.
3.- You said: [ you can also specify not to encrypt some protocols in your
vpn community, so you'll see clear and encrypted traffic between your site
and site B.]
Q3: But what happens when I need to send the same protocol/port to site A and
B? I cannot apply this, can I?
Thanks everybody.
Regards
----- Original Message -----
From: "pkc_mls" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, December 06, 2006 4:02 AM
Subject: Re: [FW-1] Help please regarding VPN NGX
Edouard Zorrilla wrote:
Hello There,
Has anyone already configured a host which performs IP and IPSec
traffic at the same time? I mean, thru site A just IP traffic and thru
Site B IPSec traffic.
Hello,
you can easily do this.
the ipsec or ip traffic depends on your rulebase and on your vpn
definitions.
if you set a vpn community between your gateway and site b, and specify
"accept all encrypted traffic" in the community
or create a dedicated rule for vpn traffic, you'll see ipsec traffic
between the network behind your gateway and the network behind site B's
gateway.
you can also set another rule to allow some traffic to site A.
as site A is not part of any community, the traffic is IP only.
you can also specify not to encrypt some protocols in your vpn community,
so you'll see clear and encrypted traffic between your site and site B.
hope this'll help.
Thanks a lot,
Regards
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================