[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
{\rtf1\ansi\deff0\deftab360{\fonttbl {\f0\fswiss\fcharset0 Arial;}{\f1\fswiss\fprq2 Arial;}} {\colortbl ;\red0\green0\blue0;\red0\green0\blue255;} \uc1\pard\cf1\lang1033\ulnone\f0\fs20 Hi Mohamed,\par \par Our experience has been that a VPN tunnel is strictly point to point and one cannot treat a second VPN tunnel as an onward link in the same way as with routed networks. Using your example\cf2 \cf0 FW-1@Site3 receives a packet from \par a client at Site1, examines the IP address, sees that it does not belong to the encryption domain defined as belonging to the other end of its tunnel ie Site2, and drops the packet.\par \par There are ways round this:\par \par 1. Use GRE tunneling on the routers (Cisco) so that the tunnels become equivalent to leased lines.\par \par 2. Have two firewalls at Site2 - one to communicate with Site1 and another to communicate with Site3, and add the\par IP addresses of your site1 clients to the encryption domain of the Site2-Site3 tunnel so the packets are propogated across the tunnel.\par \par Regards\par \par Adrian\par \par \par \par \par \protect\f1\fs16 -----Original Message-----\par \protect0\pard\protect\fi-1440\li1800\tx1440\b From:\tab\b0 Mohamed Lrhazi [SMTP:[email protected]]\par \b Sent:\tab\b0 Friday, August 03, 2001 6:20 PM\par \b To:\tab\b0 [email protected]\par \b Subject:\tab\b0 [FW1] Routing from a VPN tunnel into another VPN tunnel !!\par \protect0\pard\protect\li360\f0\fs20\par \par \par Hello All,\par \par Is it possible to configure CKP so that some specific traffic coming from a\par VPN tunnel gets\par routed through yet another VPN tunnel?\par If not, what are my options to establish such communication?\par \par clients ---> FW-1@Site1 -----VPN------> FW-1@Site2 -----VPN------>\par FW-1@Site3 ---> server\par \par Would a solution be: have a router after FW-1@Site2 route the traffic back\par into FW-1@Site2?\par \par Any input appreciated,\par Thank you.\par \par Mohamed~\par \par \par ================================================================================\par To unsubscribe from this mailing list, please see the instructions at\par \cf2\ul http://www.checkpoint.com/services/mailing.html\cf0\ulnone\par ================================================================================\par \par \par }
|