Re: [FW-1] Site to Site VPN Question
You shouldn't have to renumber your network or anything that drastic. I have a client who has this situation occur frequently; in such cases, we use NAT rules on the Checkpoint to translate our internal addresses to something else when talking to the hosts on the other side. You should be able to set up something similar.

Basically, in the addressing policy, we're talking about a rule that looks something like the following if the access you need is strictly him --> you:

Rule 1:
  Original Packet: His IP or net (src) --> Fake host IP for your internal box that doesn't conflict w/his net (dest) --> Any (svc)
  Translated Packet: Original (src) --> Actual IP of your internal host (dest) --> Any (svc)

Rule 2:
  Original Packet: Actual IP of your internal host (src) --> His IP or net (dest) --> Any (svc)
  Translated Packet: Fake host IP for your internal box that doesn't conflict w/his net --> Original (dest) --> Any (svc)

You should have one pair of NAT rules for any internal host that your vendor needs to touch.

Hope this helps.

-----Original Message-----
From: Kevin Buckley [mailto:[email protected]]
Sent: Sunday, April 28, 2002 8:04 AM
To: [email protected]
Subject: [FW-1] Site to Site VPN Question

I need to set up a VPN site to site with a vendor. I gave the vendor my encryption domain and he said he already had that IP scheme used by a different client. I set up a test network with an IP scheme he didn't have being used by anyone else and we can get everything to work great. The problem is I need to be able to set it up using the IP scheme used throughout our company. Any ideas?????

I am running checkpoint NG FP1. I have all my internal networks configured for hide NAT behind an IP different than the external IP of the firewall.
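The rule pair described in the reply, modelled in Python as an added example that is not part of the original thread and is not Check Point configuration. It picks one non-conflicting alias ("fake host IP") per internal host and applies Rule 1 and Rule 2 to sample packets; every address, network and function name here is a constructed assumption.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str

def build_nat_pairs(internal_hosts, alias_pool, peer_nets, local_nets):
    """Allocate one alias per internal host and return {real_ip: alias_ip}.
    An alias is skipped if it lies in a network the peer already uses
    (peer_nets) or in our own internal ranges (local_nets)."""
    blocked = [ipaddress.ip_network(n) for n in list(peer_nets) + list(local_nets)]
    free = (a for a in ipaddress.ip_network(alias_pool).hosts()
            if not any(a in n for n in blocked))
    pairs = {}
    for host in internal_hosts:
        alias = next(free, None)
        if alias is None:
            raise ValueError("alias pool exhausted or fully overlapping")
        pairs[host] = str(alias)
    return pairs

def translate(pkt, pairs, vendor_net):
    """Apply the rule pair to one packet; unmatched packets pass unchanged."""
    vendor = ipaddress.ip_network(vendor_net)
    to_real = {alias: real for real, alias in pairs.items()}
    # Rule 1: vendor --> alias becomes vendor --> real host (destination NAT)
    if ipaddress.ip_address(pkt.src) in vendor and pkt.dst in to_real:
        return Packet(pkt.src, to_real[pkt.dst])
    # Rule 2: real host --> vendor becomes alias --> vendor (source NAT)
    if pkt.src in pairs and ipaddress.ip_address(pkt.dst) in vendor:
        return Packet(pairs[pkt.src], pkt.dst)
    return pkt

# Constructed sample values (assumptions, not taken from the thread)
LOCAL_NETS = ["10.1.1.0/24"]                       # our real internal scheme
PEER_NETS = ["10.1.1.0/24", "192.168.200.0/30"]    # ranges the vendor already uses
VENDOR_NET = "172.16.50.0/24"                      # vendor's own hosts
ALIAS_POOL = "192.168.200.0/29"                    # candidate fake host IPs
HOSTS = ["10.1.1.10", "10.1.1.20"]                 # boxes the vendor must reach

if __name__ == "__main__":
    pairs = build_nat_pairs(HOSTS, ALIAS_POOL, PEER_NETS, LOCAL_NETS)
    for pkt in (Packet("172.16.50.7", pairs["10.1.1.10"]),
                Packet("10.1.1.10", "172.16.50.7")):
        print(pkt, "->", translate(pkt, pairs, VENDOR_NET))
```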