Re: [FW-1] vpn/securemote question.
You will need to create a 'site' on the SR client to site B, which will download the topo as specified in site B's encryption domain. This will give you a VPN to site A and a second VPN to site B.

On site B's fw you will have to set up a user account etc. If you set up the same UID and pw as you did on site A then the SR client can tick the 'remember password' checkbox. This should (although it does not in my experience) remember the pw the user entered when authenticating site A and send it to site B.

If you use something like SecurID then things get more complicated - good luck if you do - you're out of my experience there!

Julan Burton

Ulysees <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]KPOINT.COM>
03/10/2003 18:56
Please respond to Mailing list for discussion of Firewall-1

To: [email protected]
cc:
Subject: [FW-1] vpn/securemote question.

I've been racking my brains for a few hours on a rulebase to do this and I can't get it to work.

2 sites running NG FP3 hf2+ssl, vpn set up between the 2 of them using a community and limited traffic flowing between the 2 of them. I have some securemote users off site A who access exchange & a few other things as they roam. Some of that traffic is not allowed in the VPN between site A & site B as it would saturate the link between them, however I want any of my securemote users to be able to roam onto the B network and access the services they would normally access via securemote from there.
I thought it'd be a case that Securemote authenticates to the firewall at site A and establishes a tunnel to it (have allowed that in the rulebase on B), however in the fw log on site A I get "Encryption failure: Different community ID, possible NAT problem (VPN Error code 02)" on the ike rule.

The NAT rules that apply are:

allinternalnets to allinternalnets = original to original
net A to any = FW A(hide) to original
net B to any = FW B(hide) to original

Anybody got any ideas where it's going wrong or a better way of doing it?

Uly

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================

________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet.

**********************************************************************
Zenith Insurance Management Limited
Registered No. 3805632
Registered @ Zenith House, Market Place, Haywards Heath, West Sus, RH16 1DB.

NOTICE: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the [email protected] and delete the message and any attachments accompanying it immediately.
**********************************************************************