The IDs will be specific to the /24 networks you have defined. You should not see the supernetting CP does for these networks since they are not continuous. If you do run into a continuous scenario, setting the key exchange to host versus subnets has solved this problem for me on several occasions.

-GS
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of pkc_mls
Sent: Thursday, April 24, 2008 11:55 AM
To: [email protected]
Subject: [FW-1] vpn setting question

hi all,

let's imagine I'd like to build a vpn between a checkpoint and a third party gateway. I'd like to send traffic from 3 internal networks to 3 remote networks.

internal nets are 172.16.1.0/24, 172.16.20.0/24 and 10.0.0.0/24
remote nets are 192.168.1.0/24, 192.168.10.0/24 and 10.0.10.0/24 (so no overlapping).

the remote gateway has vpn phase 2 definitions for 192.168.1.0 vs 172.16.1.0, 192.168.10.0 vs 172.16.20.0 and 10.0.10.0 vs 10.0.0.0.

I can set the topology for each gateway to a group of networks, but how will the proxy id be calculated when the vpn is established (local networks initiate the vpn community)?

are there any recommendations regarding the vpn tunnels (one tunnel per host pair, one tunnel per network pair or one per gateway pair)?

could it be a good idea to switch to route based vpn in such a scenario?

thanks.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
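A way to check a set of encryption-domain networks for the supernetting problem discussed in this thread, added here as an example and not taken from either message or from Check Point. It assumes plain CIDR aggregation (Python's ipaddress.collapse_addresses) as a stand-in for the gateway's supernetting, which may differ in detail; the function names and the contiguous sample are constructed.

```python
import ipaddress

# Networks and phase 2 pairs (local, remote) as given in the question.
LOCAL = ["172.16.1.0/24", "172.16.20.0/24", "10.0.0.0/24"]
REMOTE = ["192.168.1.0/24", "192.168.10.0/24", "10.0.10.0/24"]
PEER_PAIRS = [
    ("172.16.1.0/24", "192.168.1.0/24"),
    ("172.16.20.0/24", "192.168.10.0/24"),
    ("10.0.0.0/24", "10.0.10.0/24"),
]

def aggregate(cidrs):
    """Merge adjacent or overlapping networks into the fewest CIDR blocks.
    Assumption: this approximates supernetting, it is not the vendor algorithm."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def merged_away(cidrs):
    """Defined networks that no longer exist as-is after aggregation."""
    kept = set(aggregate(cidrs))
    return sorted(c for c in cidrs if str(ipaddress.ip_network(c)) not in kept)

def broken_pairs(local, remote, peer_pairs):
    """Peer phase 2 pairs whose local or remote side would be replaced by a
    supernet, so the proxy IDs offered would not match the peer's definition."""
    gone_local = set(merged_away(local))
    gone_remote = set(merged_away(remote))
    return sorted(p for p in peer_pairs
                  if p[0] in gone_local or p[1] in gone_remote)

# Constructed contiguous case: 172.16.0.0/24 + 172.16.1.0/24 form 172.16.0.0/23.
CONTIGUOUS_LOCAL = ["172.16.0.0/24", "172.16.1.0/24", "10.0.0.0/24"]
CONTIGUOUS_PAIRS = [
    ("172.16.0.0/24", "192.168.1.0/24"),
    ("172.16.1.0/24", "192.168.10.0/24"),
    ("10.0.0.0/24", "10.0.10.0/24"),
]

if __name__ == "__main__":
    print("question networks, broken pairs:",
          broken_pairs(LOCAL, REMOTE, PEER_PAIRS))
    print("contiguous sample aggregates to:", aggregate(CONTIGUOUS_LOCAL))
    print("contiguous sample, broken pairs:",
          broken_pairs(CONTIGUOUS_LOCAL, REMOTE, CONTIGUOUS_PAIRS))
```

An empty result for the question's networks matches the reply: none of the /24s are adjacent, so each keeps its own proxy ID.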
