[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Securemote Issues - Urgent
Amit, If you will configure IKE as the encryption scheme, then you can have separate encryption domains, and separate sites created. This way, users will download topology from the enforcement point (a or b) and will encrypt to the same. You will need to change the policy/properties/desktop security tab and uncheck the respond to unauthenticated cleartext topology requests. HTH, Amit Saha wrote: > Dear All, > > I have run into some rough weather. I wanted some help urgently. I have 2 > locations separated by a long distance. At locaiton A there is a FW with > mgmt server. At location B there is only fw module. The location A mgmt > server is used to control the location B. Now there are securemote clients > installed across both the places. Now i have created different encryption > domains for each location. There are servers at both locations. There is no > WAN connectivity between location A & B, only internet connectivity. > > Also, i believe that in the securemote client, when u add a site, u have to > give mgmt server ip address. But then how will the users connect to server > at location B. I dont want them to go to location B again thru the VPN > established between sites A & B and waste precious internet bandwidth. > Instead, is there some way the securemote clients connect to the mgmt server > only for key exchange and then establish a tunnel with fw module at loc B > for accessing server located there? > > This is a bit urgent and i have to give a soln. asap. So guys, do help me > out. > > Warm Regards, > > Amit Saha > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|