This is getting very confusing..... You say that you have already a site to site with your ISP...correct?
Now explain how the branch office is connected? Is connected directly to you? (The Primary site) Or the tunnel is established with the ISP (secondary site)? Does the traffic from the branch site have to go thru the ISP tunnel before reaching your Primary site? If that is the case then traffic has to transverse 2 VPN tunnels before reaching you.... -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of czar Sent: Thursday, February 14, 2008 1:39 PM To: [email protected] Subject: Re: [FW-1] VPN Setup with Non-contiguous subnets On our side, I had to manually add the route for the 10.x. It's working - for internet access/voip phones. What additional route should I create for the vpn tunnel? Why manually? The 10.x, I assumed, is already part of the encryption domain. I'll re-confirm on the isp/remote site. Thanks. rar.mail wrote: > Well, just an opinion, > is there a route for each subnet ? > Maybe there's no route for 10.x on the remote access (site 192.168.x ) > > regards > > RaR > > >>Message du 14/02/08 09:59 >>De : "czar" >>A : [email protected] >>Copie à : >>Objet : [FW-1] VPN Setup with Non-contiguous subnets >> >>Hi, >> >>We are using R55. We have site-to-site vpn with an isp. We have 172.x >>(private) subnets and lately we have to add 10.x (private) for one of >>our branch office. >> >>The problem is packets from the 10.x does not go through the vpn tunnel >> to access an ftp server on the isp's side which has also a 192.168.x >>(private). But the 172.x packets do - works perfectly. How do I make >>10.x aggregated into the vpn tunnel? Or do I need to create a separate >>vpn site just for the 10.x subnet? >> >>Any ideas/recommendations is appreciated. >> >>ta >>czar >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, >>send an email to [EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your >>subscription options, email >>[EMAIL PROTECTED] >>================================================= >> >> > > > > > > > > > Créez votre adresse électronique [EMAIL PROTECTED] > 1 Go d'espace de stockage, anti-spam et anti-virus intégrés. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
