
[FW1] VPN Routing



Hi 

I'm Kouda from Japan

It doesn't know VPN, and it is very much in trouble.
Therefore, this ML let me throw it. 

It is to do  "Network to Network" connection with VPN to be in trouble.

Temporarily, supposing that there are two FW machines, Management and
Module are in each. 


Configuration:


      172.16.0.0/16   172.17.0.0/16   172.18.0.0/16 
   ------    ↓   ------    ↓   ------    ↓   ------
  | FW-A |-------|Router|-------|Router|-------| FW-B |   
   ------         ------         ------         ------
     |                                        ↑   |
     |              (IP Address FW-B ) 172.18.1.1  |
     |                                             |
     | 10.0.0.0/8                  192.168.3.0/24  |
   ------                                       ------
  |client|                                     |server|   
   ------                                       ------
  10.1.1.11                                    192.168.3.1 

client type command : telnet 192.168.3.1 80


It is a question here!

Who knows that it goes for 192.168.3.0/24 though Source varies according
to Client in the address of 172.16.0.0/24 (by Capsule) when he leaves
FW-A?

In the beginning, each FW established an "encryption connection (ex. IKE)",
and it passed, and Client thought the connection to go even to the
companion side FW after that.

But, it was wrong.
It could go if a routing table was added to FW-A.
But this result was obtained when each FW was in the same NetworkAddress.
So the routing table couldn't be added in the above composition.
Because the "route add" command can't add a Gateway of a NetworkAddress which
is different from the NetworkAddress which the OS has.

Well, what should I do?

Incidentally, FW-A on Solaris7, FW-B on WinNT

It is very happy if any thing can have it advises, and 
sorry for long sentence



------------------------------
Takashi Kouda [email protected]

------------------------------


