Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] One-way VPN

To: "'Steve'" <[email protected]>, [email protected]
Subject: RE: [FW1] One-way VPN
From: "Murphy, Paul" <[email protected]>
Date: Fri, 13 Oct 2000 13:51:25 +0100
Sender: [email protected]

All Firewall-1 rules are one-way, even encrypts.
 
So if you have a rule saying
 
    Source            Destination        Service        Action
    Remote-net    DMZ-net            http            Encrypt
 
This does not imply any connections can be instigated from the DMZ to the
Remote LAN.
 
Paul.
 

-----Original Message-----
From: Steve [mailto:[email protected]]
Sent: 12 October 2000 17:41
To: [email protected]
Subject: [FW1] One-way VPN


 
Got a really tricky one here.
 
I have a Firewall at HQ with three interfaces:
 
LAN, DMZ and INTERNET.
 
A remote Firewall with LAN and INTERNET only.
 
I have successfully established a VPN between LANs.
 
However I want to establish a VPN between the remote LAN and the DMZ at HQ.
 
The problem is that it must be one way. i.e. Remote LAN can access DMZ.
 
DMZ cannot access (initiate connection with) Remote LAN.
 
At first we tried establishing a VPN between remote LAN and DMZ and then
adding a rule on the  remote side to drop all packetes originating from the
DMZ. Unfortunately this dropped returning VPN packets that originated from
remote LAN aswell as connections initiated from the DMZ.
 
Is it possible to set up this sort of one way trust VPN?
 
Cheers,
 
-Steve
 

---------------------------------------------------------------------------------
This e-mail is intended only for the above addressee. It may contain
privileged information. If you are not the addressee you must not copy,
distribute, disclose or use any of the information in it. If you have
received it in error please delete it and immediately notify the
sender.

evolvebank.com is a division of Lloyds TSB Bank plc.
Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS.  Registered in
England, number 2065.  Telephone No: 020 7626 1500
Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street,
Edinburgh EH2 4LH. Registered in Scotland, number 95237.  Telephone
No:Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the
Personal Investment Authority and represent only the Scottish Widows
and Lloyds TSB Marketing Group for life assurance, pensions and
investment business.

Members of the UK Banking Ombudsman Scheme and signatories to the UK
Banking Code.
----------------------------------------------------------------------------------


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Adding new modules to management station - risks with Putkey?
Next by Date: RE: [FW1] NT talking with NBNAME to whole world?
Previous by thread: RE: [FW1] One-way VPN
Next by thread: Re: [FW1] One-way VPN
Index(es):
- Date
- Thread