Hi Peter,
Their encryption domain must be set up using the 172.20 address block. You
only use the 80.x address to establish the VPN. After the VPN is up, that
address does not exist as far as the site-to-site VPN traffic is concerned.
You usually do not want any kind of NAT going on in the VPN tunnel itself.
You just need to make sure that their internal IP range is different than
yours and that your default internal network route ends up at the internal
interface of FW-1. If you do a "tracert 172.20.whatever" from your computer
and it ends up at FW-1, you should be OK. You may need to check all of your
subnets to assure their default route is the same.
FW-1 will take care of the routing for you.
HTH,
Ray
From: Peter Addy <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] Site 2 site VPN
Date: Sat, 10 Jun 2006 02:46:06 -0700
Hi
Can someone please tell me if I was to set up a VPN between an
external site and our Checkpoint NG AI and the external site was using an
internal address range of 172.20.x.x, and their firewall gateway was
80.x.x.x, could I use the gateway 80.x.x.x address for the encryption
domain for the external site? Therefore same IP for gateway and topology.
Would this work? Would I need any NAT rules?
Or does it specifically need to be an address that is routable?
Hoping to do this using the simplified mode
Thanks for your help guys
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================