Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!

To: "Mohamed Lrhazi" <[email protected]>, "[email protected]" <[email protected]>
Subject: RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
From: "Adrian H Solomon" <[email protected]>
Date: Wed, 8 Aug 2001 07:24:56 +0200
Sender: [email protected]

{\rtf1\ansi\deff0\deftab360{\fonttbl {\f0\fswiss\fcharset0 Arial;}{\f1\fswiss\fprq2 Arial;}}
{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}
\uc1\pard\cf1\lang1033\ulnone\f0\fs20 Hi Mohamed,\par
\par
Our experience has been that a VPN tunnel is strictly point to point and one cannot treat a second VPN tunnel as an onward link in the same way as with routed networks. Using your example\cf2   \cf0 FW-1@Site3 receives a packet from \par
a client at Site1, examines the IP address, sees that it does not belong to the encryption domain defined as belonging to the other end of its tunnel ie Site2, and drops the packet.\par
\par
There are ways round this:\par
\par
1. Use GRE tunneling on the routers (Cisco) so that the tunnels become equivalent to leased lines.\par
\par
2.  Have two firewalls at Site2 - one to communicate with Site1 and another to communicate with Site3, and add the\par
IP addresses of your site1 clients to the encryption domain of the Site2-Site3 tunnel so the packets are propogated across the tunnel.\par
\par
Regards\par
\par
Adrian\par
\par
\par
\par
\par
\protect\f1\fs16 -----Original Message-----\par
\protect0\pard\protect\fi-1440\li1800\tx1440\b From:\tab\b0 Mohamed Lrhazi [SMTP:[email protected]]\par
\b Sent:\tab\b0 Friday, August 03, 2001 6:20 PM\par
\b To:\tab\b0 [email protected]\par
\b Subject:\tab\b0 [FW1] Routing from a VPN tunnel into another VPN tunnel !!\par
\protect0\pard\protect\li360\f0\fs20\par
\par
\par
Hello All,\par
\par
Is it possible to configure CKP so that some specific traffic coming from a\par
VPN tunnel gets\par
routed through yet another VPN tunnel?\par
If not, what are my options to establish such communication?\par
\par
clients ---> FW-1@Site1 -----VPN------> FW-1@Site2 -----VPN------>\par
FW-1@Site3 ---> server\par
\par
Would a solution be: have a router after FW-1@Site2 route the traffic back\par
into FW-1@Site2?\par
\par
Any input appreciated,\par
Thank you.\par
\par
Mohamed~\par
\par
\par
================================================================================\par
     To unsubscribe from this mailing list, please see the instructions at\par
               \cf2\ul http://www.checkpoint.com/services/mailing.html\cf0\ulnone\par
================================================================================\par
\par
\par
}

Follow-Ups:
- RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
  - From: "Martin WF Hui" <[email protected]>
- [FW1] rule base not downloading.
  - From: "fwmail" <[email protected]>

Prev by Date: Re: [FW1] Problem with cpconfig
Next by Date: [FW1] Publishing Web through Firewall-1
Previous by thread: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
Next by thread: RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
Index(es):
- Date
- Thread