I can agree on what hugo says. NAT within vpn with manual nat rules or behind the gateway works fine here.
you just have to define the IPs and services that have to be available from the remote site. br reinhard ** My mobile email is powered by Nokia Mobile Email solutions ** ** please 'reply-to-all' when answering... ** > -----Original Message----- > From: Mailing list for discussion of Firewall-1 on behalf of Hugo van der > Kooij > Received: Tue Feb 13 21:04:28 CET 2007 > To: [email protected] > Subject: Re: [FW-1] S2S VPN - Same Encryption Domains > > On Tue, 13 Feb 2007, Satyam Mathura wrote: > > > Hey Guys: > > I'm pretty sure this has been covered before but i cannot seem to find > > the relevant articles. Currently we have an existing Site to Site VPN > > connection with Vendor A. Their encryption domain is 192.168.1.0 /24. We > > will need to setup another Site to Site VPN connection to Vendor B, whose > > encryption domain is also 192.168.1.0 /24. Of course neither vendor > > will want to change their subnet scheme. Can you guys point me in the right > > direction for setting this up. > > Define public address for remote applications. So each party will > advertise their application on public addresses only and you hide your > clients behind a public address of your won. > > Lacking the ability of public addresses you can resort to agreed upon > private addresses but you may need to change it again if either of the two > sides will be seting up another VPN with a company using that particular > address range for their network. > > I known companies with lots of VPN links why have decided that the use of > public addresses is the only sustainable way. > > Hugo. > > -- > [EMAIL PROTECTED] http://hvdkooij.xs4all.nl/ > This message is using 100% recycled electrons. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
