I think that should be:

NetA to NetB    encrypt
NetB to NetA    encrypt

You also need to consider NAT on the firewall if you are using Hide Mode NAT
for your internal network clients (to surf the web):

Original packet                          Translated packet
Source    Dest      Service              Source                           Dest    Service
Net_Int   Net_Int   Any                  =original                        orig.   orig.
net_int   any       any                  [object you are hiding behind]   orig.   orig.

I'd recommend IKE as your encryption method for compatibility with other
firewalls.
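As an added illustration of the NAT point above (not code from anyone in this thread): a small Python model of a first-match address translation rulebase, showing why the "=original" row for internal-to-internal traffic must sit above the hide rule. Without it, hide-mode NAT rewrites the source of netA-to-netB packets so they no longer fall inside netA's encryption domain. All addresses are constructed examples.

```python
import ipaddress

# Constructed sample addresses (not from the thread): two RFC 1918 networks
# behind firewalls whose external (le1) interfaces have routable addresses.
NET_A = ipaddress.ip_network("10.1.0.0/24")       # netA, "illegal" internal network
NET_B = ipaddress.ip_network("10.2.0.0/24")       # netB, "illegal" internal network
FW_A_HIDE = ipaddress.ip_address("192.0.2.1")     # object netA hides behind (FWmachineA le1)

def _matches(obj, ip):
    """A NAT column is either the string 'any' or an ip_network object."""
    return obj == "any" or ip in obj

def translate_source(src, dst, nat_rules):
    """First-match evaluation of the address translation rulebase (simplified model).

    Each rule is (orig_src, orig_dst, xlate_src); xlate_src 'original' means
    the address is left alone (the '=original' row in the reply above).
    Returns the source address, as a string, as it leaves FWmachineA.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for orig_src, orig_dst, xlate_src in nat_rules:
        if _matches(orig_src, src_ip) and _matches(orig_dst, dst_ip):
            return src if xlate_src == "original" else str(xlate_src)
    return src                      # no rule matched: no translation

def peer_accepts_as_vpn(src, dst):
    """FWmachineB only treats the packet as VPN traffic if both ends lie in the
    encryption domains (netA behind FWmachineA, netB behind FWmachineB)."""
    return ipaddress.ip_address(src) in NET_A and ipaddress.ip_address(dst) in NET_B

# NAT rulebase as recommended: internal-to-internal stays original, then hide mode.
NAT_RULES_OK = [
    (NET_A, NET_B, "original"),     # Net_Int -> Net_Int : = original
    (NET_A, "any", FW_A_HIDE),      # net_int -> any     : hide behind FW_A_HIDE
]
# Same rulebase with the exception left out: the hide rule now catches VPN traffic too.
NAT_RULES_NO_EXCEPTION = [
    (NET_A, "any", FW_A_HIDE),
]

def vpn_traffic_survives(nat_rules, src="10.1.0.5", dst="10.2.0.7"):
    """True if a netA -> netB packet still matches the encryption domains after NAT."""
    return peer_accepts_as_vpn(translate_source(src, dst, nat_rules), dst)

if __name__ == "__main__":
    print("with exception rule:   ", vpn_traffic_survives(NAT_RULES_OK))            # True
    print("without exception rule:", vpn_traffic_survives(NAT_RULES_NO_EXCEPTION))  # False
    # Ordinary web traffic from netA is still hidden behind the firewall either way.
    print(translate_source("10.1.0.5", "203.0.113.9", NAT_RULES_OK))                # 192.0.2.1
```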


-----Original Message-----
From: Jarmoc, Jeff [mailto:[EMAIL PROTECTED]]
Sent: 29 August 2000 16:11
To: 'Steve'; [EMAIL PROTECTED]
Subject: RE: [FW1] VPN Between Two Illegal Networks



That's pretty much the best reason to use VPNs in my opinion.  You'll have
to use some sort of NAT though.  If there aren't enough IPs in your routable
Class C, use Hide mode NAT. Here's what you need to do:

Set NetA's network object as FWmachineA's encryption domain
Set NetB's network object as FWmachineB's encryption domain
Make sure each firewall has encapsulation on (if necessary, depending on
what encryption scheme you're using)
Add an encrypt rule on each firewall as follows:
For FWMachine A
SOURCE    DEST    Action    Log
NetA      NetA    Encrypt   Whatever you want, Long
NetB      NetB

You'll still need to check the properties of your encryption action, and
your policy properties to make sure everything is set up right, but those
are the basic steps.  Check out http://www.phoneboy.com/fw1/encryption.html
for more detailed information.

Jeff Jarmoc - CCNA, MCSE
Network Analyst - Grubb & Ellis
847.753.7617
mailto:[EMAIL PROTECTED]


-----Original Message-----
From: Steve [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 9:40 AM
To: [EMAIL PROTECTED]
Subject: [FW1] VPN Between Two Illegal Networks




Hi,

Is it possible to set up a VPN between two illegal internal networks that
routes across the Internet?

Example:

netA -- (le0) FWmachineA (le1) -- internet -- (le1) FWmachineB (le0) -- netB


Where:

netA is an illegal internal network
netB is an illegal internal network

FWmachineA le1 has a valid Class C IP address
FWmachineB le1 has a valid Class C IP address

With an encrypted VPN how does a host on netA route to a host on netB
(without using NAT - not enough class C addresses available)?

Cheers,

-Steve




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================