Sebastian Arriada wrote:
czar,
can u check in Smartviewtracker if the packets are being encrypted in
your side? If not probably you are not defining properly the encryption
domain.
No its not being encrypted because it seems fw1 routes it to the default
gw instead of through the tunnel? Do I need to define a separate
encryption domain for only the 10.x subnet?
Is there a Netscreen FW in the other side? Sometimes in Netscreen the
encryption is created in 1 policy (with a group of sources) and match
with the first range, in these cases u need to create 2 policies for the
encription domain one for each range.
If u have cisco can u check in the other side if the crypto has been
established?
Remote site is using freeswan.
Sebastian.
rar.mail wrote:
Well, just an opinion,
is there a route for each subnet ?
Maybe there's no route for 10.x on the remote access (site 192.168.x )
regards
RaR
Message du 14/02/08 09:59
De : "czar"
A : [email protected]
Copie à :
Objet : [FW-1] VPN Setup with Non-contiguous subnets
Hi,
We are using R55. We have site-to-site vpn with an isp. We have 172.x
(private) subnets and lately we have to add 10.x (private) for one of
our branch office.
The problem is packets from the 10.x does not go through the vpn tunnel
to access an ftp server on the isp's side which has also a 192.168.x
(private). But the 172.x packets do - works perfectly. How do I make
10.x aggregated into the vpn tunnel? Or do I need to create a separate
vpn site just for the 10.x subnet?
Any ideas/recommendations is appreciated.
ta
czar
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
Créez votre adresse électronique [EMAIL PROTECTED] 1 Go
d'espace de stockage, anti-spam et anti-virus intégrés.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
