
[FW1] All Traffic to Central Site via VPN



Hi guys

A quick question on this issue. We have had such requests before where all
traffic must go to the central office via VPN before going out to the net,
usually because of a centralized internet access control system that must
audit all accesses. Now are we saying with an IPSec based firewall this is
not possible as implied by the CryptoTech response??

Thanx

Mike

>Date: Fri, 09 Feb 2001 18:56:11 -0500
>From: CryptoTech <[email protected]>
>Subject: Re: [FW1] All Traffic to Central Site via VPN
>
>Jon,
>You are describing a PPTP or L2TP based firewall.  In all IPSec based firewalls,
>traffic destined for the internet will go direct to the net without wasting
>bandwidth at the central site.  Also traffic between remote sites will pass directly
>between the relevant sites and not touch the main site.  This is the only way to do
>this with Check Point.
>
>You would just define each vpn device and each site's local network objects, then 1)
>create a group (encryption_domains for example) and place all the sites' network
>objects into the group -- create a rule encryption_domains encryption_domains <svc>
>encrypt -- and create a nat rule (if nat will be used in the network) that says
>encryption_domains encryption_domains original original,
>or you can create many rules defining each site's access to the other sites as
>separate rules.  This will give you tighter control and enable you to avoid the IKE
>error: peer gateway same as source
>
>"Jon R. Allen" wrote:
>
> I am trying to set up a test bed to compare Checkpoint VPN with
> Nortel Contivity VPN.  The setup requires that remote sites
> connect back to Headquarters via an encrypted VPN connection
> for all traffic destined for either headquarters OR the Internet.
> In other words, this is a non-split-tunneling VPN connection. I
> have successfully set up split tunnels before where the remote site
> sends traffic out to the internet directly, and only traffic
> destined for headquarters gets encrypted on the VPN, but this is
> not what they want.
>
> The problem I am having is what the encryption domains should be
> to encrypt everything back to headquarters regardless of whether
> it will eventually go out to the internet via headquarters, or
> stay within headquarters.
>
> If anyone can provide some pointers on the encryption domain and
> rule settings for each side, I would appreciate it.  Thanks in
> advance.
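
Added example, not part of the original thread and not Check Point code: a simplified model of how encryption-domain membership decides which flows are tunneled, used to list the flows that never pass the central audit point. The site names, addresses and the FULL table (which models the non-split requirement by letting hq's domain also cover every other address) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample topology: per-site encryption domains (split tunnel).
SPLIT = {
    "hq": ["10.0.0.0/16"],
    "branch-a": ["10.1.0.0/16"],
    "branch-b": ["10.2.0.0/16"],
}
# Assumption: non-split tunneling modeled as hq also owning 0.0.0.0/0.
FULL = dict(SPLIT, hq=["10.0.0.0/16", "0.0.0.0/0"])

# Constructed sample flows (source, destination) from a host at branch-a.
FLOWS = [
    ("10.1.0.5", "10.0.0.20"),     # branch-a -> headquarters server
    ("10.1.0.5", "198.51.100.7"),  # branch-a -> Internet host
    ("10.1.0.5", "10.2.0.9"),      # branch-a -> branch-b
]

def owner(addr, domains):
    """Site whose encryption domain holds addr; the longest prefix wins."""
    ip = ipaddress.ip_address(addr)
    best = None
    for site, nets in domains.items():
        for text in nets:
            net = ipaddress.ip_network(text)
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (site, net.prefixlen)
    return best[0] if best else None

def decide(src, dst, domains):
    """Model of the 'encryption_domains -> encryption_domains -> encrypt' rule."""
    s, d = owner(src, domains), owner(dst, domains)
    # Encrypt only when both ends sit in the domains of two different sites.
    action = "encrypt" if s and d and s != d else "clear"
    return action, s, d

def unaudited(flows, domains, audit_site="hq"):
    """Flows whose path, in this model, never touches the audit site's gateway."""
    out = []
    for src, dst in flows:
        _, s, d = decide(src, dst, domains)
        if audit_site not in (s, d):
            out.append((src, dst))
    return out

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, [decide(s, d, table) for s, d in FLOWS])
        print(name, "bypasses hq audit:", unaudited(FLOWS, table))
```

In this model the split table leaves the Internet-bound flow outside the central audit, and branch-to-branch traffic stays off the hq gateway under both tables.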


