[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Nokia Crypto Cluster and Checkpoint FW-1 as Internet Gateway
greetings, Look at the following picture: CL = Internal Client CC = Crypto Cluster Box VPN = VPN Connection through the Internet FW-1 = Firewall-1 Box PT = Plain Text Communication DH = Destination Host, any host located on the internet CL <-PT-> CC <-VPN-> FW-1 <-PT-> DH What I would to achieve is that the internal Client can reach any host on the internet, going through the VPN tunnel between Cryptobox and FW-1. The FW-1 itselfs should route the encrypted packet to the internet and finaly reach the destination. So FW-1 acts as an central HUB for any connection to and from the internet and the Cryptobox(es). I have sucessfully set up the VPN between CryptoCluster and FW-1 when I define on FW-1 as encryption domain the internal network of FW-1. I don't know how to tell Cryptobox that it should use VPN to reach any destination. Another thing would be the firewall itself. Normally, you assign them an object called encryption domain which includes all networks for which it will encrypt / decrypt. Wonder how it is possible to tell them that any traffic from cryptobox should be decryptet, no matter if the destination belongs to an internal or external host. I'm appreciating really any hints, facts and figures. Regards, sAM ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|