
RE: [FW1] VPN tunnel using Nokia's IPSO?



Since this is how you configure a GRE type VPN using IPSO.
Can anyone tell me whether there are any performance and security benefits in
using a GRE VPN tunnel instead of using Check Point VPN?

Let's say you have 16 remote sites and they are connecting to a central site.

Also, can you create a GRE VPN tunnel and just use the Check Point FW-1
to protect the Nokia from external attacks?

I spoke to a Nokia tech and he mentioned that if you use IPSO based GRE VPN you
should not install Check Point FW-1 on the same box.
Is this true?



Thanks




-----Original Message-----
From: Cardona, Alberto [mailto:[email protected]]
Sent: Friday, July 27, 2001 9:02 AM
To: 'Shashi Shekhar'; '[email protected]';
'[email protected]'
Subject: RE: [FW1] VPN tunnel using Nokia's IPSO?







What is that Tunnel link for under the Interfaces link?
I clicked on it and it had some VPN parameter settings.

I know Nokia makes dedicated VPN appliances without Check Point.


-----Original Message-----
From: Shashi Shekhar [mailto:[email protected]]
Sent: Thursday, July 26, 2001 8:59 PM
To: [email protected]
Subject: RE: [FW1] VPN tunnel using Nokia's IPSO?






IPSO is just an OS; you use Check Point software to do VPN tunneling.

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Cardona, Alberto
Sent: Thursday, July 26, 2001 12:05 PM
To: '[email protected]';
[email protected]
Subject: [FW1] VPN tunnel using Nokia's IPSO?



On IPSO 3.3, does anyone know what the Tunnel url under the Interfaces url in
Voyager is used for?

Is this used for creating a VPN tunnel using the IPSO operating system instead
of Check Point?
If so, what is the performance compared to using the FW-1 VPN setup?

Thanks


AC

-----Original Message-----
From: Reed Mohn, Anders [mailto:[email protected]]
Sent: Thursday, July 26, 2001 4:15 AM
To: 'Don Leeper'; '[email protected]'
Subject: RE: [FW1] spoofing







In the anti-spoofing settings, you specify, for each FW-interface
which addresses are allowed as sources and destinations on that
specific interface.
For instance, it would not be correct for a packet to have a
source address from the 192.168.2.0 network if it comes from
your internal network. Likewise, packets shouldn't enter your internal
network from the outside, with source addresses from your internal network.
So, putting together the anti-spoofing we get:

1. Using just the network addresses for each network (no NAT)

DMZ:      "This Net"
Internal: "This Net"
External: "Others"

2. Adding NAT, you must also allow the NAT addresses.
Create a group for each (non-external) interface, containing
the valid addresses. Then use "Specific" to specify this group
in the anti-spoofing settings.
The groups must contain:

DMZ:  DMZ-network + public/NAT-addresses for the web and DNS servers.
Internal: Internal network + public/NAT-addresses for the web-server.
External: No group needed, still set to "Others".


Cheers,
Anders :)



 -----Original Message-----
From: Don Leeper [mailto:[email protected]]
Sent: 25. juli 2001 19:59
To: '[email protected]'
Subject: [FW1] spoofing



I was wondering if someone could give me your input on anti-spoofing.  I
have 3 interfaces on my FW:
DMZ 192.168.2.1
External 63.64.1.1
Internal 192.168.1.1
I have a DNS server and web server sitting on the DMZ, which need to be
open to the public.
I have my email server and one web server on the Internal.  They need to be
accessible to the public as well.  All addresses that are for the public are
NATed.  Could someone tell me how you would set up the anti-spoofing on the
FW so that it won't affect my setup but will protect me? I noticed in my logs that
someone was trying to get in using private addresses. Thanks for your help
in advance.  (I did look it up but I think it's better to hear how others do
it!) Kind of confusing....


Donnie Leeper



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
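
The anti-spoofing layout from Anders' reply, modelled as an added example (not code from the thread or from Check Point). The /24 masks, the 203.0.113.x NAT addresses, the sample traffic and the reading of "Others" as "not in any other interface's group" are assumptions made here.

```python
import ipaddress

# Interface networks from the thread; the /24 masks are an assumption.
NETS = {
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),
    "Internal": ipaddress.ip_network("192.168.1.0/24"),
}
# Constructed NAT addresses (documentation range), not from the thread.
NAT = {
    "DMZ": ["203.0.113.10", "203.0.113.11"],  # web and DNS servers
    "Internal": ["203.0.113.20"],             # web server
}

def valid_sets(with_nat):
    """Per-interface valid-address groups: "This Net", or "Specific" with NAT."""
    groups = {}
    for name, net in NETS.items():
        members = [net]
        if with_nat:
            members += [ipaddress.ip_network(a) for a in NAT[name]]
        groups[name] = members
    return groups

def allowed(groups, interface, address):
    """True if `address` is valid on `interface`.

    External is "Others": anything not claimed by another interface's group.
    """
    ip = ipaddress.ip_address(address)
    if interface == "External":
        return not any(ip in n for g in groups.values() for n in g)
    return any(ip in n for n in groups[interface])

def audit(groups, packets):
    """Return the (interface, address) pairs that anti-spoofing would reject."""
    return [(i, a) for i, a in packets if not allowed(groups, i, a)]

# Constructed sample traffic: (interface the address is seen on, address).
SAMPLE = [
    ("External", "192.168.1.50"),  # internal address arriving from outside
    ("External", "198.51.100.7"),  # ordinary Internet host
    ("Internal", "192.168.1.50"),  # legitimate internal host
    ("Internal", "192.168.2.9"),   # DMZ address on the internal interface
    ("DMZ", "203.0.113.10"),       # web server's NAT address on the DMZ
]

if __name__ == "__main__":
    for label, nat in (("This Net only", False), ("with NAT groups", True)):
        print(label, audit(valid_sets(nat), SAMPLE))
```

In this model "Others" excludes only addresses claimed by another interface's group, so a private source such as 10.1.2.3 that belongs to no interface still passes on External.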



   All contents © 2004 Network Presence, LLC. All rights reserved.