To avoid such conditions, I usually set-up a special segment reserved for Partners encryption domains. Therefore, I will ask Partners to NAT their servers which need to connect to my servers using subnet block extracted from the special segment.
This way, I could have consistent domain encryptions, routing and anti spoofing enabled. This setup will be useful if Partners are using private IPs for their servers. rgds, Ali HS IT Security Analyst Excelcomindo Pratama www.xl.co.id On 10/4/07, Jose Valdivia <[EMAIL PROTECTED]> wrote: > Hello all, I have this scenario: > > Lan 10.10.10.0/24(1) --- [FW](1) ------ Internet ------ [FW](2) ------ > Several lans, one of them 10.10.10.0/24(2), and the destination > 192.168.1.0/24 > > I need to create a VPN site to site, allowing traffic from 10.10.10.0/24(1)to > 192.168.1.0/24, is bidirectional taffic. > > I have control on [FW](2). That means that any change talking about NATs > should be do it by me. > > By the way, I have others VPNs and the network 10.10.10.0/24(2), is used on > it. > > I really don't know how to set up this, I been thinking if I use the > 10.10.10.0/24 has domain encryption on the interporable device [FW](1), but > I don't know how checkpoint is going to handle this. > > Any one has been in this situation before ? > Regards. > -- > > -- > Jose Valdivia > Firewall Enginner > > Perot Systems > CCSA CCSE WCSA NCMA NCMP > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
