[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Re-Routing VPN Traffic
Hi! last week I've set up a VPN triangle between three Nokia IP330 with Single-Gateway/VPN-1 4.1 SP3. All three firewalls are managed through their own management module. Ecncryption scheme is 3DES/IKE. There is a 10.x/21 net behind each of the boxes. SecuRemote Dialin is possible to each of them. Now this VPN needs to be connected to another branch in another country. The customer wanted to build only one VPN tunnel to the new branch, but re-route all traffic within the whole VPN to get the new branch reachable from everywhere. Site D (new) 10.30/21 +------+ | | +------+ : : : : +------+ | | Site A +------+ 10.31/21 /\ / \ / \ / \ / \ / \ / \ +------+ +------+ Site B | |------| | Site C 10.32/21 +------+ +------+ 10.33/21 In my understanding there needs to be a full-mesh topology to achieve full connectivity. Or is it possible to connect the triangle only at one end to the forth site? If yes, please describe how to set up IP routing for the 10.x/21 nets and how to set up encryption domains at each site. What about SecuRemote clients? Will they be able to reach site D when dialing into the other sites? Thank you in advance! regards, Elchy -- A. Eltrich - mailto:[email protected] LAN/WAN System Engineer - http://www.inotronic.de/ inotronic Computers GmbH - Pfaelzer-Wald-Str. 70 D-81539 Muenchen - Tel: +49-89-439007-0 - Fax: -41 ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|