You also probably could do it by manually editing the vpn_routing.conf file but you'll have to referto the manual for how to do that.
Ray
From: cisco4ng <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[email protected]> To: [email protected] Subject: Re: [FW-1] securemote question Date: Mon, 21 Mar 2005 09:23:18 -0800
I think in a production environment, SecureRemote will NOT work. You will need to configurure "Office Mode" and SecureClient. But that would mean paying extra $$$ to checkpoint for license. I could be wrong on this one.
This is what I suggest you would do:
1) dump checkpoint at Site A and purchase a Cisco VPN concentrator, 2) setup site-to-site VPN between site A and site B, 3) set up remote vpn access on the concentrator using Cisco vpn client, 4) make the IP pool of the remote access users part of the concentrator local encryption domain,
It is working perfectly for me and I have that this feature is FREE on Cisco VPN concentrator. I would dump the checkpoint box at site A if I were you.
This is strictly my opinion and you don't have to agree.
cisco4ng
Mart�n Alcal� Rub� <[EMAIL PROTECTED]> wrote: Hi Rob,
In the hipotetycal case its possible, you are miss-ussing SR, because you'll introduce your packets onto an insecure network again after decrypting them. But if this isn't important for you can try a redirect with an unexistatant host.
Saludos cordiales,
Mart�n Alcal� Rub� - Ingenier�a de Clientes Security Advisor www.sadvisor.com
Robert Geller wrote:
> Group: > > I have a site A which has access to site B. I want to be > able to terminate SR connections at site A and access site B. > Site A and B have connectivity over the internet only. > > The problem I see is that this doesnt work when sending > the traffic back out the external interface. I have done this > in the past routing through internal interfaces. > > Im not sure if this is possible with SecuRemote. I see > my Securemote connections being decrypted, but it never > makes it back out the external interface. I dont > see anything significant in the logs. It looks like the > traffic is just dying after the decrypt. > > Any ideas / suggestions are appreciated. > > -Rob > > > > > > > -- > This message has been scanned for viruses and > dangerous content, and is believed to be clean. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > >
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
--------------------------------- Do you Yahoo!? Yahoo! Small Business - Try our new resources site!
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
