One solution is to do Hub mode. This forces all traffic from the Remote User to go through the firewall.
There are a few issues though:

1. You have to buy SecureClient licenses for this to work (but this gives you the added advantage of being able to have a firewall at the desktop level - among other advantages)
2. You have to make sure you use Office Mode
3. You have to make sure you NAT the Office Mode address as they are connecting out to the internet
4. You add bandwidth usage to your internet connection

Chris

-----Original Message-----
From: Ronny Nussbaum [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 03, 2005 10:22 AM
To: [email protected]
Subject: [FW-1] Need some VPN help

Greetings everyone.

I have a situation that I never dealt with, and I'm wondering if you could help me.

My VPN configuration is very simple. You may even envy me :)

I currently have two R55s, with the latest HFAs, in two sides of the world, and they are VPNing between themselves with traditional VPN:

Network A<---->Firewall A<---->Firewall B<---->Network B

With this configuration, and some rules, hosts from Network A can communicate with hosts on Network B, and vice-versa. Cool.

I also have VPN users on both ends, connecting with SecuRemote to their respective Firewall. Users on site A only connect to Firewall A with SecuRemote. Users on site B only connect to Firewall B with SecuRemote.

I always wanted to know how I can make a VPN user connect to one Firewall, and then access servers on the OTHER Network. Something like that:

VPN User<--->Internet<---->Firewall A<---->Firewall B<---->Network B

Note that I don't want to have the VPN user authenticate to Firewall B. My requirement is that the user will enter Network B after passing through Firewall A first. I want the VPN user to access network B, after authenticating to Firewall A, and then have Firewall A transfer the packets to Firewall B on the already-established site to site VPN.

How can this be done?

I'll appreciate any help you can give me.
Thanks
-Ronny

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
