If I understand what you are looking for, NGX will allow you to do it. Basically, I think you want to be able to send Dynamic Routing Protocols (OSPF) through the tunnel. With my limited Dynamic Routing experience, I would expect that if the tunnel were to go down, the 2 "neighboring routers" would no longer be able to talk, and therefore the route would be deleted if the tunnel went down.
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Chris Lyon Sent: Tuesday, August 23, 2005 3:00 PM To: [email protected] Subject: Re: [FW-1] Nokia VPN NG or NGX OSPF On 8/23/05, cisco4ng <[EMAIL PROTECTED]> wrote: > The firewall has a default gateway and the default gateway will take care of > that. You don't need to add any static routes unless you are terminating VPN > on interfaces that do not use the default gateway. Let's say that the firewall isn't the default gateway. Will the Nokia advertise the route for a network on the other end of a VPN tunnel using Checkpoint? If I can remember right, FP3 didn't do this as Checkpoint didn't pass routing information down to IPSO. Does anybody know? > > Questions 2 and 3 are not relevant unless you're talking GRE/IPSec. Cisco IOS > supports tunneling GRE inside an IPSec tunnel. I think Nokia can do the same > thing. In case of tunneling GRE inside IPSec tunnel, then the routes will go away > if the VPN goes down, which makes sense because the IPSec tunnel is used to > transport/encrypt GRE. Now, if the question above is a YES, then Q2 and Q3 become relevant. BTW, I am not talking GRE/IPSec. > > HTH > > Chris Lyon <[EMAIL PROTECTED]> wrote: > A few questions around Checkpoint NG or NGX on Nokia - > > 1) If you configure a VPN for a remote location, to another Checkpoint > or Juniper or Cisco as the other end, does CP enter one or more routes > representing the remote site address space into the Nokia OS? > 2) If not, how does the Firewall know where to route the packets? > 3) If the VPN goes down do the routes then go away? > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= IMPORTANT: The information contained in this electronic message and/or its attachments is intended only for the use of the individual(s) named above and may contain information that is privileged and/or confidential. If you are not the intended recipient, please notify the sender immediately by reply and immediately delete this message and all its attachments without making any copies or distributions thereof. Any review, use, reproduction, disclosure or dissemination of this message or any attachment by an unintended recipient is strictly prohibited and may violate copyrights and/or other laws. Neither the sender, his or her employer nor any of their respective affiliates makes any warranties as to the completeness or accuracy of any of the information contained herein or that this message or any of its attachments is free of viruses. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
