[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] How to implement multiple VPNs with different encryption domain on the same NG fw module?
Hi all, I'm trying to implement on a fw-1 module (smart console NG with AI, fw module NG FP2) two VPNs with different encryption domains: a site-to-site VPN (enc. dom. 192.168.240.0/24) and a client-to-site VPN (enc. dom 192.168.0.0/16). My first attempt was to put in the encryption domain the /16, but I couldn't make the same change to the other peer (which is external). The two peers couldn't negotiate a security association any more, even if I put the /24 in the encryption rule . So, I left the /16 in the encryption domain and I tried to use SecureClient with office mode. No way to reach subnets outside the domain. I'm using traditional mode VPN but I did some tests using Simplified mode. It seems that there is no possibility to define the encryption domain on each community. Any suggestions? Thanks a lot for your help! Claudia ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|