Hi, If you are referring to the NGX / NGAI counterpart, then yes. I usually refer this as : VPNGW and application in the same host.
It could work if there's a software-based VPNGW configured in that host. regards, ali On 12/3/06, Edouard Zorrilla <[EMAIL PROTECTED]> wrote:
Hello Sir, All of this with the same source host ? Regards ----- Original Message ----- From: "Ali Husen Sumantoro" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Saturday, December 02, 2006 7:15 AM Subject: Re: [FW-1] Making host perform a IPSec VPN and a IP traffic > Dear Edouard, > > I've had experience setting up some VPN connections from NGX or NG AI > to a single host. (equipped with software based VPN Gateway i.e. > raccoon, freeswan, openswan). > > MyHost-NGX-----------(tunnel)-----------PartnerHost(VPNGW+application > server) > > In Partners host there are Freeswan/Openswan/Raccoon and also the > application that needs to communicate with MyHost. > > To enable this I usually create PartnerHost as Interoperable Device > and the domain encryption is set to "match all behind gateway". > > Rule : > PartnerHost (Source) --- MyHost (destination) ---- Encrypt (Any) --- > Service (TCP XXXX). > > regards, > Ali Husen Sumantoro > Excelcomindo Pratama > Jakarta, Indonesia > > On 12/2/06, Edouard Zorrilla <[EMAIL PROTECTED]> wrote: >> Hello, >> >> I wonder if some of you were able to make a host perform a tunnel IPSec >> and a normal IP traffic at the same time with a host alone. When I set up >> a tunnel it works but the host is not able to send ip traffic any more. >> >> I mean: >> >> SiteA >> ^ >> | >> IP Traffic w/o IPSec. >> | >> | >> Host---VPN-IPSec-Tunnel-->SiteB >> >> When It send traffic to SiteA it says that it must be encrypted and it is >> droped, however thru the IPSec tunnel works well. I am making a NAT so >> that the tunnel IPSec works. >> >> I will appreciate some of you make this work in a NGX appliance. >> >> Best Regards >> >
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
