[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Point-to-Point VPN
Hi, Please excuse the crude ASCII diagram: ------------ | | | Internet | |------------| |------------ | ------------ | | | | | ---------- ---------- | | | | | Corp | | Remote | | | | | ---------- ---------- | | <Cisco Router> <Cisco Router> | | |----------<Private T-1>-----------| I'd like to setup a VPN as failover for the private T-1. However, I don't want traffic encrypted over the T-1. So far, the advice I've been given is to setup a VPN rule and disable it until needed. But, this doesn't exactly meet my needs since it requires a manual step to initiate the failover. I'm using a distributed setup with the FW-1/VPN-1 NG FP1 products running on Nokia boxes and the management station running on a Windows 2000 server. I can't use the IPSec tunnels that are part of the Nokia boxes unless I want to change my SecuRemote users to FW-1 encryption, which I'd also, rather not do since Checkpoint seems to be downplaying the protocol in favor for IPSec. And, I also don't want to replace the Nokia boxes or put a server in between it and the rest of the network as a new default gateway. Seems like I'm being picky doesn't it? ;) But, if it was a different firewall/VPN product that didn't use encryption domains, it'd be easy. I like Checkpoint but I'm having difficulty finding a solution to this problem. Thanks for any help, Robert ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|