Hello Sir,
I have tried with the not to encrypt the protocol in my vpn community and it
seems to be still encrypting all the traffic since the traffic is being
droped by the FW telling that there is not a valid SA.
Is there any trick so that the "not to encrypt protocol option" inside the
community works ? please if some you know how to do that let me know. What I
am trying to do is to send IP and IPSec traffic from the same source behind
the FW-1 NGX
Regards
----- Original Message -----
From: "pkc_mls" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, December 06, 2006 4:02 AM
Subject: Re: [FW-1] Help please regarding VPN NGX
Edouard Zorrilla a écrit :
Hello There,
Does anyone have already configured a host which perform a IP and IPSec
traffic at the same time ? I mean, thru site A just IP traffic and thru
Site B IPSec traffic.
Hello,
you can easily do this.
the ipsec or ip traffic depends on your rulebase and on your vpn
definitions.
if you set a vpn community between your gateway and site b, and specify
"accept all encrypted traffic" in the community
or create a dedicated rule for vpn traffic, you'll see ipsec traffic
between the network behind your gateway and the network behind site B's
gateway.
you can also set another rule to allow some traffic to site A.
as site A is not part of any community, the traffic is IP only.
you can also specify not to encrypt some protocols in your vpn community,
so you'll see clear and encrypted traffic between your site and site B.
hope this'll help.
Thanks a lot,
Regards
___________________________________________________________________________
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions
! Profitez des connaissances, des opinions et des expériences des
internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
