
Re: [FW-1] Hub and Spoke VPN



Are you using the router as the central termination point for all of the
spoke VPNs? This is not an option for me at this time. I need to use a
Check Point as the central termination point. The problem I seem to be having
is getting Check Point to take the decrypted packet from the first tunnel and
insert it into a second tunnel.

-Jeff


----- Original Message -----
From: "Peter Papadopoulos" <[email protected]>
To: <[email protected]>
Sent: Thursday, January 31, 2002 1:58 PM
Subject: Re: [FW-1] Hub and Spoke VPN


> Hub and spoke is the way to go, with a router at the hub to direct traffic
> to all the spokes.
> Traversing the fw twice to go from spoke to spoke could be considered bad,
> but life is easy for admin.
>
> I am currently managing a 6 spoke wheel like this.
>
> Pete
>
> ----- Original Message -----
> From: "JP" <[email protected]>
> To: <[email protected]>
> Sent: Wednesday, January 30, 2002 11:54 PM
> Subject: Re: [FW-1] Hub and Spoke VPN
>
>
> > The rules will be different and there are multiple central management
> > consoles. Any thoughts on accomplishing my original objective?
> >
> > -Jeff
> > ----- Original Message -----
> > From: "Don" <[email protected]>
> > To: <[email protected]>
> > Sent: Thursday, January 31, 2002 11:58 AM
> > Subject: Re: [FW-1] Hub and Spoke VPN
> >
> >
> > > > > Is there a reason you don't want to fully mesh them?
> > > > Yes, the configuration does not scale well. If you have 20 sites setting up
> > > > the VPNs fully meshed is much more complex and adding an additional site or
> > > > removing one will be very time consuming. Using a hub and spoke model the
> > > > configuration will be much quicker.
> > > If the rules are the same for every VPN then you should be able to set up
> > > groups to make this management far easier. Create a group for all of the
> > > VPN Encryption domains and use this group to create the no-NAT rule, as
> > > well as the service rules.
> > >
> > > Adding a new network from that point forward should be as simple as adding
> > > it to the Encryption Domain Group (Which takes care of the rule and the
> > > NAT), and adding the shared secret for IKE (Assuming you are using IKE)
> > > which CheckPoint will propagate to all of the other firewalls (Assuming
> > > you have an Enterprise Management Console).
> > >
> > > If you are not using IKE, are not using a central management console, or
> > > do not have the same rules for all of the VPNs, then please ignore my
> > > ravings.
> > >
> > > -Don
> > >
> > > > -Jeff Pecchio
> > > > ----- Original Message -----
> > > > From: "Don" <[email protected]>
> > > > To: <[email protected]>
> > > > Sent: Thursday, January 31, 2002 9:45 AM
> > > > Subject: Re: [FW-1] Hub and Spoke VPN
> > > >
> > > >
> > > > > > Does anyone have experience with a hub and spoke architecture for VPNs
> > > > > > using 4.1? I have numerous sites that all need connectivity to each
> > > > > > other and do not want to fully mesh them.
> > > > > This is going to double the traffic on the hub and its Internet
> > > > > connection.
> > > > >
> > > > > Is there a reason you don't want to fully mesh them?
> > > > >
> > > > > -Don
> > > > >
> > > > > =================================================
> > > > > To set vacation, Out Of Office, or away messages,
> > > > > send an email to [email protected]
> > > > > in the BODY of the email add:
> > > > > set fw-1-mailinglist nomail
> > > > > =================================================
> > > > > To unsubscribe from this mailing list,
> > > > > please see the instructions at
> > > > > http://www.checkpoint.com/services/mailing.html
> > > > > =================================================
> > > > > If you have any questions on how to change your
> > > > > subscription options, email
> > > > > [email protected]
> > > > > =================================================
> > > > >



 
   All contents © 2004 Network Presence, LLC. All rights reserved.