Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VPN & SecuRemote combined

To: [email protected]
Subject: Re: [FW-1] VPN & SecuRemote combined
From: Reinhard Stich <[email protected]>
Date: Fri, 11 Jan 2002 14:06:55 +0100
Comments: To: [email protected]
Comments: cc: [email protected]
In-reply-to: <[email protected]>
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

At 23:51 11.01.2002 +1100, John Georges wrote:

[...]

> >We want to establish a VPN connection between FWA and FWB which is simple
> >enough, however people on NET1 will also be required to authenticate and
> >encrypt to FWA for traffic going to NET2.
> >
> >The results in two almost identical rules on FWA:
> >
> >1. NET1 ---> NET2   Any   Client Encrypt
>
> wenn - if you want to use securemote to connect to NET2 and authenticate
> your users on FW-B you should implement this rule on FWB. in that case you
> don't need the second rule, just configure secuRemote to connect to NET2
> through FWB on every client in NET1 and it works!

Sorry, I want to authenticate off FWA, not FWB.  Authentication of NET1
users must be done by FWA.  (management of users and the firewalls is to
remain within the respective companies).

> maybe you want to use "User Auth" instead of "Client Enctrypt" ??

No, as far as I know we want to use Client Encrypt.  The aim is to encrypt
all traffic on NET1, User Auth won't do that for us.


the encryption is done with the 2nd rule (net1 -> net2 encrypt), above this
rule you have to make a rule 1 (net1 -> net2 session-auth). then you have
to authenticate because of rule 1 and traffic is ancrypted because of rule 2.

I didn't test it myself but I think it should work!

cheers
-reinhard

--
Reinhard Stich,   ASSIST    [email protected]
Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33
Tel: +43 1 370 94 40  RS784-RIPE Fax: +43 1 370 94 40-10

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] VPN & SecuRemote combined
  - From: Reinhard Stich <[email protected]>

Prev by Date: Re: [FW-1] VRRP vs StoneBeat
Next by Date: [FW-1] SecuRemote through Terminal Server
Previous by thread: Re: [FW-1] VPN & SecuRemote combined
Next by thread: Re: [FW-1] [fw1-wizards] Multi homed FW [virus checked]
Index(es):
- Date
- Thread