What you want to accomplish is totally doable in CP. However, I've never
worked with an IP-40, but I have done what you want to do using Star topo
and domain-based vpn with regular CP gateways. Choose the VPN routing
option on your Star community props ("to center and thru center to
satellites"). You can also edit the $FWDIR/conf/vpn_route.conf file if you
need to route between different communities. Create one rule to cover
traffic in both directions. You can even route vpn-client to vpn-client.
Check out sk31021. Also read the VPN Routing section of the VPN-1 PDF on
your CP media.
HTH,
Neil Delacruz
On 1/25/06, Aleks Feltin <[EMAIL PROTECTED]> wrote:
>
> Hi folks!
>
> I am looking for your help, which could be a solution to my issue.
> I'm building a site-to-site VPN between 3 gateways. Gateways
> authenticate each other using the pre-shared key. Different VPN-1
> versions are used with management installed on each. There is also one
> Nokia IP-40 embedded device.
>
> Communication between IP-40 and NGX works just perfectly, although this
> is not enough. To complete the goal, a node in LAN-A should access
> resources in LAN-B and vice versa.
> Check Point VPN guide offers 2 ways how to implement VPN routing - based
> on the VPN domain or using the OS routing. I believe the latter is much
> harder.
> My first question is which one could be easier to use, and where I could
> find some step-by-step guides for a similar topology?
> Additionally, sharing your experience is appreciated!
>
> Here is information about the topology:
>
> VPN Domain A -- 192.168.11.0/24
> |
> |
> [ 192.168.11.1 ]
> Firewall A (IPSO/R55W)
> [ 10.0.5.2 ]
> |
> |
> External Network -- 10.0.5.0/24
> |
> |
> switch ----- 10.0.5.1 Central Gateway (IPSO/NGX)
> |
> |
> External Network 10.0.5.0/24
> |
> |
> [ 10.0.5.4 ]
> Firewall B (Nokia IP-40 embedded device)
> [ 192.168.10.1 ]
> |
> |
> VPN Domain B -- 192.168.10.0/24
>
> I hope to get some helpful answers; also, I am ready to supply you with
> additional information if needed.
> With best regards,
>
> Aleks
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
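An added illustration of the vpn_route.conf approach mentioned in the reply, mapped onto the topology in the question; it is not from either poster. The three columns are destination, next-hop gateway and install-on gateway; the object names are hypothetical, and it assumes both satellites are gateway objects that the same management server installs policy on.

```conf
# $FWDIR/conf/vpn_route.conf on the management server
# Columns: destination   next-hop router   install on
#
# Hypothetical object names; each must match a network or gateway
# object already defined in the management database:
#   Net_LAN_A = 192.168.11.0/24  (VPN Domain A, behind GW_A 10.0.5.2)
#   Net_LAN_B = 192.168.10.0/24  (VPN Domain B, behind GW_B 10.0.5.4)
#   GW_Center = 10.0.5.1         (central gateway)

# GW_A sends traffic for LAN-B into its tunnel to the center
Net_LAN_B    GW_Center    GW_A
# GW_B sends traffic for LAN-A into its tunnel to the center
Net_LAN_A    GW_Center    GW_B
```

The entries take effect only after the policy is reinstalled on the listed gateways, and the rule base still needs the single rule covering LAN-A and LAN-B traffic in both directions.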