Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Can I setup a VPN this way?

To: "Michael Batchelder" <[email protected]>
Subject: Re: [FW1] Can I setup a VPN this way?
From: "Ivan Fox" <[email protected]>
Date: Tue, 13 Feb 2001 19:48:40 -0500
Cc: "Firewall-Wizards@FW1-NOSPAMNfr. Net" <[email protected]>, "Firewalls@FW1-NOSPAMLists. Gnac. Net" <[email protected]>, "Firewall-1" <[email protected]>
References: <[email protected]> <[email protected]>
Sender: [email protected]

Michael;

If these sites use L3 switches, would VLAN provide the same level of
security as VPN?

Thanks,

----- Original Message -----
From: "Michael Batchelder" <[email protected]>
To: "Ivan Fox" <[email protected]>
Cc: "Firewall-Wizards@Nfr. Net" <[email protected]>;
"Firewalls@Lists. Gnac. Net" <[email protected]>; "Firewall-1"
<[email protected]>
Sent: Tuesday, February 13, 2001 7:18 PM
Subject: Re: [FW1] Can I setup a VPN this way?


> A clarification would be good, here.  Are you trying to send VPN traffic
> from A, thru B, to C and back, or do you want to send traffic from A to
> both B and C?  Either one is possible.  The latter scenario is the same
> as the former scenario with the addition of an A->B VPN tunnel.  So you
> just need to know, at most:
>
> 1) how to set up vpn tunnels between two firewalls
> 2) how to pass vpn tunnels through a firewall
>
> I'll assume you want to do IPSec vpn, and not FWZ...
>
> For 1, consult the docs and Checkpoint's web site, or www.phoneboy.com.
> There should be enough info and examples to do that.  For 2, to pass
> IPSec through a fw, you need a rule on B to permit the appropriate IP
> *protocol*, AH or ESP or both (probably just ESP).  Both protocols are
> defined service objects, and are in the service group "IPSec".  You also
> need to permit IKE if you're using it, which is UDP, port 500.  If
> you're doing NAT at B, this gets a whole lot hairier...
>
> Michael
>
> Ivan Fox wrote:
> >
> > Let say three are 3 sites in serial, i.e., A --> B --> C.  Each site has
its
> > own subnet and Check Point VPN-1.  Can I setup a continuous VPN using
Check
> > Point VPN-1 starting from A and ending at C.
> >
> > Any pointers are appreciated.
> >
> > Ivan
> >
> >
============================================================================
====
> >      To unsubscribe from this mailing list, please see the instructions
at
> >                http://www.checkpoint.com/services/mailing.html
> >
============================================================================
====
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Can I setup a VPN this way?
  - From: "Ivan Fox" <[email protected]>

Prev by Date: RE: [FW1] Routing table
Next by Date: [FW1] HTTP Security Server Woes
Previous by thread: [FW1] Can I setup a VPN this way?
Next by thread: RE: [FW1] Can I setup a VPN this way?
Index(es):
- Date
- Thread