Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] 2 internet links on 1 firewall

To: [email protected]
Subject: Re: [FW-1] 2 internet links on 1 firewall
From: Yannick Lo Guidice <[email protected]>
Date: Tue, 6 Nov 2001 16:14:28 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Mmmm,

the following scheme presents the situation :

X Inet access (normal)-----------x(FW)y--------------Y Inet access (VPN)
                           l
                           |
                           |
                           |
                          Lan

So my FW has 3 interfaces : x, y & l.

The source adresses are unknown, these are securemote roaming users on the
Internet.
The destination address is known, this is the y interface of the FW.
The solution would have been to use source routing, but the source adresses
are not known...

Now you propose to add a static route saying that all traffic destined to y
will be sent back to the y router. I don't know how to make that. Can you
precise ?


--
Yannick Lo Guidice
email : [email protected]
tel : 04 9211 5967
fax : 04 9211 5959
Security & FW Support
IBM Global Services NDSC France




                    Kim Longenbaugh
                    <[email protected]>                 To:     [email protected]
                    Sent by: Mailing list for discussion       cc:
                    of Firewall-1                              Subject:     Re: [FW-1] 2 internet links on 1 firewall
                    <[email protected]
                    point.com>


                    11/06/2001 03:35 PM
                    Please respond to Mailing list for
                    discussion of Firewall-1





How about adding a static route on your firewall pointing traffic destined
for x to the x router?

>>> [email protected] 11/06/01 03:17AM >>>
Hi all,

I'm new to the list so I hope the question I'll pose has not been posed
hundred times... In that case, I'll be sorry for that.

As of today I have a cluster of CP FW1 under Solaris 2.6 using CP HA. I've
got a Internet link provided by ISP x (IP addressing x). My default route
is the Internet x access.

Tomorrow I'll get a new internet link furnished by ISP y (IP addressing y).
I want to use the new link exclusively for VPN connections. As it is easy
for Lan-to-lan connections using static routing, it poses a problem for
securemote users :
the securemote users can connect to the FW using the new y IP addressing,
but the backward route will be the default route of the FW (x Internet
link).

I'm looking for a solution to separate the different Internet streams
(Internet access & VPN access) on the two links. Has anyone of you already
handled this kind of situation ?

Many thanks for your support.

--
Yannick Lo Guidice
email : [email protected]
tel : 04 9211 5967
fax : 04 9211 5959
Security & FW Support
IBM Global Services NDSC France

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: [FW-1] URI Rule and logging problem
Next by Date: Re: [FW-1] URI Rule and logging problem
Previous by thread: Re: [FW-1] 2 internet links on 1 firewall
Next by thread: Re: [FW-1] 2 internet links on 1 firewall
Index(es):
- Date
- Thread