
Re: [FW1] Re-Routing VPN Traffic




We have a similar problem - although ours is made worse by the fact that the single connection point in our case is running on a Nortel VPN box:-

SiteA - - CPpointVPN - - Site B - - Nortel VPN - - Site C

SiteA to B no problem, Site B to C no problem, Site A to C doesn't work - get dest unreachable from traceroute (from an ISP router) but can't see any obvious routing config errors at our end.

Any ideas on our situation would help.

Tim


"Larry Pingree" <[email protected]>
Sent by: [email protected]

04/23/01 06:38 PM

       
        To:        "Andreas Eltrich" <[email protected]>, <[email protected]>
        cc:        
        Subject:        Re: [FW1] Re-Routing VPN Traffic



Hmm.. I think the only way to do this would be fully meshed. Anyone else
have any ideas on this one?



-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Consultant
Email: [email protected]

SiegeWorks
WebSite: http://www.siegeworks.com/
Enterprise Support, Security Consulting and Training
-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
From: Andreas Eltrich <[email protected]>
To: <[email protected]>
Sent: Tuesday, April 17, 2001 3:29 AM
Subject: [FW1] Re-Routing VPN Traffic


>
> Hi!
>
> last week I've set up a VPN triangle between three Nokia IP330 with
> Single-Gateway/VPN-1 4.1 SP3. All three firewalls are managed through their
> own management module. Encryption scheme is 3DES/IKE. There is a 10.x/21
> net behind each of the boxes. SecuRemote Dialin is possible to each of
> them.
>
> Now this VPN needs to be connected to another branch in another country.
> The customer wanted to build only one VPN tunnel to the new branch, but
> re-route all traffic within the whole VPN to get the new branch reachable
> from everywhere.
>
>                       Site D (new)
>                        10.30/21
>                        +------+
>                        |      |
>                        +------+
>                           :
>                           :
>                           :
>                           :
>                        +------+
>                        |      |  Site A
>                        +------+ 10.31/21
>                           /\
>                          /  \
>                         /    \
>                        /      \
>                       /        \
>                      /          \
>                     /            \
>                 +------+      +------+
>         Site B  |      |------|      |  Site C
>        10.32/21 +------+      +------+ 10.33/21
>
> In my understanding there needs to be a full-mesh topology to achieve full
> connectivity. Or is it possible to connect the triangle only at one end to
> the fourth site? If yes, please describe how to set up IP routing for the
> 10.x/21 nets and how to set up encryption domains at each site.
>
> What about SecuRemote clients? Will they be able to reach site D when
> dialing into the other sites?
>
> Thank you in advance!
>
> regards, Elchy
>
> --
>  A. Eltrich  -  mailto:[email protected]
>  LAN/WAN System Engineer - http://www.inotronic.de/
>  inotronic Computers GmbH  -  Pfaelzer-Wald-Str. 70
>  D-81539 Muenchen - Tel: +49-89-439007-0 - Fax: -41
>





 
----------------------------------

   All contents © 2004 Network Presence, LLC. All rights reserved.