[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] 2 internet links on 1 firewall
Mmmm, the following scheme presents the situation : X Inet access (normal)-----------x(FW)y--------------Y Inet access (VPN) l | | | Lan So my FW has 3 interfaces : x, y & l. The source adresses are unknown, these are securemote roaming users on the Internet. The destination address is known, this is the y interface of the FW. The solution would have been to use source routing, but the source adresses are not known... Now you propose to add a static route saying that all traffic destined to y will be sent back to the y router. I don't know how to make that. Can you precise ? -- Yannick Lo Guidice email : [email protected] tel : 04 9211 5967 fax : 04 9211 5959 Security & FW Support IBM Global Services NDSC France Kim Longenbaugh <[email protected]> To: [email protected] Sent by: Mailing list for discussion cc: of Firewall-1 Subject: Re: [FW-1] 2 internet links on 1 firewall <[email protected] point.com> 11/06/2001 03:35 PM Please respond to Mailing list for discussion of Firewall-1 How about adding a static route on your firewall pointing traffic destined for x to the x router? >>> [email protected] 11/06/01 03:17AM >>> Hi all, I'm new to the list so I hope the question I'll pose has not been posed hundred times... In that case, I'll be sorry for that. As of today I have a cluster of CP FW1 under Solaris 2.6 using CP HA. I've got a Internet link provided by ISP x (IP addressing x). My default route is the Internet x access. Tomorrow I'll get a new internet link furnished by ISP y (IP addressing y). I want to use the new link exclusively for VPN connections. As it is easy for Lan-to-lan connections using static routing, it poses a problem for securemote users : the securemote users can connect to the FW using the new y IP addressing, but the backward route will be the default route of the FW (x Internet link). I'm looking for a solution to separate the different Internet streams (Internet access & VPN access) on the two links. Has anyone of you already handled this kind of situation ? Many thanks for your support. -- Yannick Lo Guidice email : [email protected] tel : 04 9211 5967 fax : 04 9211 5959 Security & FW Support IBM Global Services NDSC France =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|