[FW1] multiple encryption domains
hi all,

i have 5 different encryption domains defined which work well between the main corporate networks and each of the satellite vpns defined (star configuration with CPFW1 at the hub) but i cannot go from one satellite vpn to any other. the packet appears to come in but does not get decrypted and logged, just dropped on the floor. we use manual ipsec with the same spi between all members.

my rules look something like the following:

    vpnhosts     fw1host      ipsec    accept
    fw1host      vpnhosts
    ---------------------------------------------
    vpnnets      vpnnets      any      encrypt
    ---------------------------------------------
    internnets   vpnnets      any      encrypt
    ---------------------------------------------
    vpnnets      internnets   any      encrypt

i would expect CPFW1 to accept the packet from vpn1, decrypt, check the contents for the destination IP and redirect the packet to vpn2 when appropriate.

thanks
/pc

Paul [email protected]