Hi all,
I have 5 different encryption domains defined which work well
between the main corporate networks and each of the satellite
VPNs defined (star configuration with CPFW1 at the hub), but I
cannot go from one satellite VPN to any other. The packet appears
to come in but does not get decrypted and logged, just dropped on the
floor. We use manual IPsec with the same SPI between all members. My rules
look something like the following:
vpnhosts     fw1host      ipsec   accept
fw1host      vpnhosts
---------------------------------------------
vpnnets      vpnnets      any     encrypt
---------------------------------------------
internnets   vpnnets      any     encrypt
---------------------------------------------
vpnnets      internnets   any     encrypt
I would expect CPFW1 to accept the packet from vpn1, decrypt, check the
contents for the destination IP and redirect the packet to vpn2 when
appropriate.
Thanks
/pc
Paul
[EMAIL PROTECTED]