Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Hub and Spoke VPN

To: [email protected]
Subject: Re: [FW-1] Hub and Spoke VPN
From: JP <[email protected]>
Date: Thu, 31 Jan 2002 00:54:30 -0500
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

The rules will be different and there are multiple central management
consoles. Any thoughts on accomplishing my origional objective.

-Jeff
----- Original Message -----
From: "Don" <[email protected]>
To: <[email protected]>
Sent: Thursday, January 31, 2002 11:58 AM
Subject: Re: [FW-1] Hub and Spoke VPN


> > > Is there a reason you don't want to fully mesh them?
> > Yes, the configuration does not scale well. If you have 20 sites setting
up
> > the VPNs fully meshed is much more complex and adding an additional site
or
> > removing one will be very time consuming. Using a hub and spoke model
the
> > configuration will be much quicker.
> If the rules are the same for every VPN then you should be able to set up
> groups to make this management far easier. Create a group for all of the
> VPN Encryption domains and use this group to create the no-NAT rule, as
> well as the service rules.
>
> Adding a new network from that point forward should be as simple as adding
> it to the Encryption Domain Group (Which takes care of the rule and the
> NAT), and adding the shared secret for IKE (Assuming you are using IKE)
> which CheckPoint will propagate to all of the other firewalls (Assuming
> you have an Enterprise Management Console).
>
> If you are not using IKE, are not using a central management console, or
> do not have the same rules for all of the VPN's, then please ignore my
> ravings.
>
> -Don
>
> > > -Jeff Pecchio > >
> > ----- Original Message -----
> > From: "Don" <[email protected]>
> > To: <[email protected]>
> > Sent: Thursday, January 31, 2002 9:45 AM
> > Subject: Re: [FW-1] Hub and Spoke VPN
> >
> >
> > > > Does anyone have experience with a hub and spoke architecture for
VPN's
> > > > using 4.1. I have numerous sites that all need connectivity to each
> > > > other and do not want to fully mesh them.
> > > This is going to double the traffic on the hub and it's Internet
> > > connection.
> > >
> > > Is there a reason you don't want to fully mesh them?
> > >
> > > -Don
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================
> > >
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Hub and Spoke VPN
  - From: Peter Papadopoulos <[email protected]>

References:
- Re: [FW-1] Hub and Spoke VPN
  - From: Don <[email protected]>

Prev by Date: Re: [FW-1] Unusual source
Next by Date: [FW-1] Service entries
Previous by thread: Re: [FW-1] Hub and Spoke VPN
Next by thread: Re: [FW-1] Hub and Spoke VPN
Index(es):
- Date
- Thread