Hi

There are some steps to do to reach the networks
connected site-by-site to the main site you've
connected to with secureclient. Please be aware that
I've not tested this config for Edge or S-Boxes but for
FW1 Sites with VPN1-Net or any other license. But I'm
quite sure that this should also work for these small
office boxes.

It is needed that you use office mode and have the
office mode range in the Enc_A encryption domain of
firewall A.

[RemoteAccessClient] -------> [ Firewall A (Enc_A)] ----(vpn over Internet)---[Firewall B (Enc_B)]

# Firewall A and Firewall B are in the same community


Step - by - Step
-----------------
1. Include Enc_B into Enc_A (defined on the object on the GUI)
1.1 On the firewall object of Firewall A go to the tab "Remote Access"
    and enable HUB Mode Configuration (Allow Secure Client to route
    traffic through this gateway)
1.2 Use Dbedit and change the key "GW_route_traffic_for_OM_address" to
    true (in global properties)
1.3 Use Dbedit and check (if you use VPN1-Net) that under
    "Network Objects" -> "network_objects" in the config of the
    firewall the "exportable" is set to "false"
2. Make an entry in $FWDIR/conf/vpn_route.conf (please be aware that
   the force_override is needed)

#destination    router          install_on      [force_override]
Enc_B           Firewall B      Firewall A      force_override



So that's all.


Philip Markwalder
--
Celeris AG
http://www.celeris.ch/
Studbachstrasse 13b                     Phone: +41 1 938 5720
CH-8340 Hinwil                            Fax: +41 1 938 5721

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Friday, 3 September 2004 20:58
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN routing question

I just set up a test VPN from an R55 gateway to an Edge
XU box and I now have my computer on its internal
network.

When I have SecureClient running on my computer, I
can't get to the "real" internal network. I have to
disable the policy, even though this new internal
network is allowed in the desktop security policy, and
also stop SecureClient. Then everything works OK.

I vaguely recall reading about this before and it
seemed that it had something to do with the topology
being fed to SecureClient. All remote access will be to
the R55 gateway and then down the site-to-site VPN to
the Edge internal networks. We are using hub mode for
SecureClient.

Any pointers would be appreciated!

Thanks,

Ray

=================================================
To set vacation, Out-Of-Office, or away messages, send
an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
