Dear Kalpesh,

it's me again...

I refuse to let you work with this configuration. The solution is to add the office mode range to the UK encryption domain. As soon as the US firewall knows about this, it can establish an SA for this destination network. Then the UK firewall relays the traffic to the US network. Also, the UK gateway needs the feature "allow secureclients to route traffic through gateway". Also, the SecureClient must use "route all traffic through gateway". Have a look at my previous post.

Martin



Kalpesh Patel wrote:

Is there a way around this.....


The Problem:
UK would like their VPN client users to access Siebel Server in US. In order to do so for example Uss7App server would have to be added to the UK encryption domain. Then their VPN clients can access it.

However, now the Uss7App server IP in the UK encryption domain overlaps with the IP in the US encryption domain. Now the VPN tunnel will give overlapping IP address errors or invalid SA errors. Encryption domains cannot have the same IPs configured for VPN tunnels to work.

Trying to NAT the IP on the UK firewall or the US firewall does not work because the VPN client will recognize the NAT taking place and want the NAT'd IP in the encryption domain which will cause the overlap again.




Thanks
Kalpesh
