| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Re-Routing VPN Traffic
Hi!
last week I've set up a VPN triangle between three Nokia IP330 with
Single-Gateway/VPN-1 4.1 SP3. All three firewalls are managed through their
own management module. Ecncryption scheme is 3DES/IKE. There is a 10.x/21
net behind each of the boxes. SecuRemote Dialin is possible to each of
them.
Now this VPN needs to be connected to another branch in another country.
The customer wanted to build only one VPN tunnel to the new branch, but
re-route all traffic within the whole VPN to get the new branch reachable
from everywhere.
Site D (new)
10.30/21
+------+
| |
+------+
:
:
:
:
+------+
| | Site A
+------+ 10.31/21
/\
/ \
/ \
/ \
/ \
/ \
/ \
+------+ +------+
Site B | |------| | Site C
10.32/21 +------+ +------+ 10.33/21
In my understanding there needs to be a full-mesh topology to achieve full
connectivity. Or is it possible to connect the triangle only at one end to
the forth site? If yes, please describe how to set up IP routing for the
10.x/21 nets and how to set up encryption domains at each site.
What about SecuRemote clients? Will they be able to reach site D when
dialing into the other sites?
Thank you in advance!
regards, Elchy
--
A. Eltrich - mailto:[email protected]
LAN/WAN System Engineer - http://www.inotronic.de/
inotronic Computers GmbH - Pfaelzer-Wald-Str. 70
D-81539 Muenchen - Tel: +49-89-439007-0 - Fax: -41
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
