[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] SecuRemote and Dual Network VPN

Robert,
 
What type of VPN are you relying on? FWZ., IKE?
 
I was wondering that depending how you set it, there will be a default gateway problem:
 
YOU
          |
          |  (1)                                | (2)
          |                                     |
-------VPN-1 NY--------------------VPN-1NJ-------
servers NY                                                servers NJ
 
 
When YOU enter the VPN through (1), and tries to reach 'servers NJ'  their default gateway will make your replies go out through (2).
 
 
Maybe a good idea for you is to think about IKE with MEP (Multiple Entry Point) VPN and IP pools, so you would add transparency to the users (as well high availability ) and the possibility to reach both networks, no matter if they come in through NY or NJ.
 
I suggest CP 2000 SP3 for this configuration as well a good study on the IP addressing and routing prior to the implementation,
 
I hope this helps,
 
Best wishes
 
Aylton
----- Original Message -----
Sent: Saturday, March 31, 2001 1:31 AM
Subject: [FW1] SecuRemote and Dual Network VPN

I have an office in NY and an office in NJ, both with their own checkpoint firewalls.  >From my work machine, I can access any other machine on our network, whether it is in NY or NJ (We have a Point-to-Point T1 between the 2 sites.)  Here is my problem.  When I VPN into my NJ firewall, I can only ping machines on the NJ network.  I am unable to access any machines in NY.  The same thing happens when I vpn into the NY firewall - I am unable to access NJ machines.  I have both networks defined on both firewalls and my VPN account has access to both networks.
 
Is there a way I can VPN into on firewall and be able to have access to both the NJ and NY networks without a gateway to gateway vpn? I'm sorry if this is a bit vague. If you have any questions, please feel free to email me.  Any help is appreciated.
 
R Jones