NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!



This is between 2 routers (closest match I could find).

http://www.cisco.com/warp/public/707/ipsec_gre.html

This is used for:
-ipx traffic
-MS networking
-routing protocols

The reason why many people do this is because IPSec will not carry
multicasts or broadcasts.  I am not sure about the CP side.  Just be sure
that your traffic "enters" the logical GRE tunnel BEFORE the IPSec tunnel,
then the reverse on the other side.

Eric

-----Original Message-----
From: Martin WF Hui [mailto:[email protected]]
Sent: Thursday, August 09, 2001 10:30 AM
To: 'Adrian H Solomon'; 'Mohamed Lrhazi';
[email protected]
Subject: RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!



Hi,

Currently i am try to build GRE tunneling between IP650 and Cisco router,
please advice where i can obtain some articles regarding to the construction
of GRE tunnelling.

Many thanks in advance

Best regards,

martin

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Adrian H
Solomon
Sent: Wednesday, August 08, 2001 1:25 PM
To: Mohamed Lrhazi; [email protected]
Subject: RE: [FW1] Routing from a VPN tunnel into another VPN tunnel !!


Hi Mohamed,

Our experience has been that a VPN tunnel is strictly point to point and
one cannot treat a second VPN tunnel as an onward link in the same way as
with routed networks. Using your example  FW-1@Site3 receives a packet
from 
a client at Site1, examines the IP address, sees that it does not belong
to the encryption domain defined as belonging to the other end of its
tunnel ie Site2, and drops the packet.

There are ways round this:

1. Use GRE tunneling on the routers (Cisco) so that the tunnels become
equivalent to leased lines.

2.  Have two firewalls at Site2 - one to communicate with Site1 and
another to communicate with Site3, and add the
IP addresses of your site1 clients to the encryption domain of the
Site2-Site3 tunnel so the packets are propogated across the tunnel.

Regards

Adrian




-----Original Message-----
From:	Mohamed Lrhazi [SMTP:[email protected]]
Sent:	Friday, August 03, 2001 6:20 PM
To:	[email protected]
Subject:	[FW1] Routing from a VPN tunnel into another VPN tunnel !!



Hello All,

Is it possible to configure CKP so that some specific traffic coming from a
VPN tunnel gets
routed through yet another VPN tunnel?
If not, what are my options to establish such communication?

clients ---> FW-1@Site1 -----VPN------> FW-1@Site2 -----VPN------>
FW-1@Site3 ---> server

Would a solution be: have a router after FW-1@Site2 route the traffic back
into FW-1@Site2?

Any input appreciated,
Thank you.

Mohamed~


============================================================================
====     To unsubscribe from this mailing list, please see the instructions
at
http://www.checkpoint.com/services/mailing.html=============================
===================================================


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.