[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!
Hi, Currently i am try to build GRE tunneling between IP650 and Cisco router, please advice where i can obtain some articles regarding to the construction of GRE tunnelling. Many thanks in advance Best regards, martin -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Adrian H Solomon Sent: Wednesday, August 08, 2001 1:25 PM To: Mohamed Lrhazi; [email protected] Subject: RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !! Hi Mohamed, Our experience has been that a VPN tunnel is strictly point to point and one cannot treat a second VPN tunnel as an onward link in the same way as with routed networks. Using your example FW-1@Site3 receives a packet from a client at Site1, examines the IP address, sees that it does not belong to the encryption domain defined as belonging to the other end of its tunnel ie Site2, and drops the packet. There are ways round this: 1. Use GRE tunneling on the routers (Cisco) so that the tunnels become equivalent to leased lines. 2. Have two firewalls at Site2 - one to communicate with Site1 and another to communicate with Site3, and add the IP addresses of your site1 clients to the encryption domain of the Site2-Site3 tunnel so the packets are propogated across the tunnel. Regards Adrian -----Original Message----- From: Mohamed Lrhazi [SMTP:[email protected]] Sent: Friday, August 03, 2001 6:20 PM To: [email protected] Subject: [FW1] Routing from a VPN tunnel into another VPN tunnel !! Hello All, Is it possible to configure CKP so that some specific traffic coming from a VPN tunnel gets routed through yet another VPN tunnel? If not, what are my options to establish such communication? clients ---> FW-1@Site1 -----VPN------> FW-1@Site2 -----VPN------> FW-1@Site3 ---> server Would a solution be: have a router after FW-1@Site2 route the traffic back into FW-1@Site2? Any input appreciated, Thank you. Mohamed~ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|