The problem here is that one of my networks is being used on my peer's side. I reviewed that document, but I only see how to configure a normal VPN without network overlapping issues.
I have been thinking about using Manual NAT rules, but I am not sure how Checkpoint is going to handle the domain encryption.

Thanks for the reply.

On 10/4/07, Din Cox <[EMAIL PROTECTED]> wrote:
>
> Jose,
>
> Checkpoint's website has an article that gives you step-by-step
> instructions on creating a site-to-site VPN with interoperable devices.
> Kb-sk31773. Check Point products support fully overlapping and proper
> subset VPN domains. Currently, support for partially overlapping VPN
> Domains is for Gateway to Gateway VPN.
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of Jose Valdivia
> Sent: Thursday, October 04, 2007 4:40 PM
> To: [email protected]
> Subject: Re: [FW-1] [FW1] VPN site to site overlapping one network
>
> The problem here is my Partner. I have to configure everything on my
> side, but it looks like my Partner has to set up the NAT on his side.
> I once set up a VPN with the same network on both sides, but I had to
> create NATs on both sides. I think it is only one network duplicated,
> and it is not used on the VPN against that specific peer; maybe there
> is a way to do it.
>
> Thanks for the reply.
>
> On 10/3/07, Ali Husen Sumantoro <[EMAIL PROTECTED]> wrote:
> >
> > To avoid such conditions, I usually set up a special segment reserved
> > for Partners' encryption domains. Therefore, I will ask Partners to NAT
> > their servers which need to connect to my servers using a subnet block
> > extracted from the special segment.
> >
> > This way, I could have consistent domain encryptions, routing and
> > anti-spoofing enabled.
> > This setup will be useful if Partners are using private IPs for their
> > servers.
> >
> > rgds,
> > Ali HS
> > IT Security Analyst
> > Excelcomindo Pratama
> > www.xl.co.id
> >
> > On 10/4/07, Jose Valdivia <[EMAIL PROTECTED]> wrote:
> > > Hello all, I have this scenario:
> > >
> > > Lan 10.10.10.0/24(1) --- [FW](1) ------ Internet ------ [FW](2) ------
> > > Several lans, one of them 10.10.10.0/24(2), and the destination
> > > 192.168.1.0/24
> > >
> > > I need to create a site-to-site VPN, allowing traffic from
> > > 10.10.10.0/24(1) to 192.168.1.0/24; it is bidirectional traffic.
> > >
> > > I have control on [FW](2). That means that any change regarding NATs
> > > should be done by me.
> > >
> > > By the way, I have other VPNs and the network 10.10.10.0/24(2) is
> > > used on them.
> > >
> > > I really don't know how to set this up. I have been thinking about
> > > using 10.10.10.0/24 as domain encryption on the interoperable device
> > > [FW](1), but I don't know how Checkpoint is going to handle this.
> > >
> > > Has anyone been in this situation before?
> > > Regards.
> > > --
> > > Jose Valdivia
> > > Firewall Engineer
> > >
> > > Perot Systems
> > > CCSA CCSE WCSA NCMA NCMP
> > >
> > > =================================================
> > > To set vacation, Out-Of-Office, or away messages,
> > > send an email to [EMAIL PROTECTED]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [EMAIL PROTECTED]
> > > =================================================
>
> --
> Jose Valdivia
> Firewall Engineer
>
> Perot Systems
> CCSA CCSE WCSA NCMA NCMP

--
Jose Valdivia
Firewall Engineer

Perot Systems
CCSA CCSE WCSA NCMA NCMP
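
The reserved-segment scheme described in Ali's reply, worked through for the networks in this thread, as an added example that is not part of the original messages and is not Check Point configuration. The pool 172.31.0.0/16, the extra LAN 10.20.0.0/16, the already-allocated block and all function names are assumptions made for illustration.

```python
import ipaddress as ip

def find_conflicts(local_nets, peer_nets):
    """Return (peer, local) pairs whose address ranges overlap."""
    return [(p, l) for p in peer_nets for l in local_nets if p.overlaps(l)]

def allocate_nat_block(pool, prefixlen, in_use):
    """First subnet of the reserved pool, of this size, that is still free."""
    for candidate in pool.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(n) for n in in_use):
            return candidate
    raise ValueError(f"no free /{prefixlen} left in {pool}")

def plan(local_nets, peer_nets, pool, allocated=()):
    """Map every conflicting peer network to a block from the reserved pool."""
    in_use = list(local_nets) + list(allocated)
    mapping = {}
    for peer, _local in find_conflicts(local_nets, peer_nets):
        if peer not in mapping:
            mapping[peer] = allocate_nat_block(pool, peer.prefixlen, in_use)
            in_use.append(mapping[peer])
    return mapping

def translate(addr, real_net, nat_net):
    """1:1 static NAT: keep the host offset, swap the network part."""
    offset = int(ip.ip_address(addr)) - int(real_net.network_address)
    if not 0 <= offset < real_net.num_addresses:
        raise ValueError(f"{addr} is not in {real_net}")
    return nat_net.network_address + offset

# Constructed sample data. Only 10.10.10.0/24 and 192.168.1.0/24 come from the thread.
LOCAL_NETS = [ip.ip_network(n) for n in ("10.10.10.0/24", "192.168.1.0/24", "10.20.0.0/16")]
PEER_NETS = [ip.ip_network("10.10.10.0/24")]      # partner LAN behind [FW](1)
PARTNER_POOL = ip.ip_network("172.31.0.0/16")     # assumed reserved segment
ALLOCATED = [ip.ip_network("172.31.0.0/24")]      # assumed: taken by another partner

if __name__ == "__main__":
    for real, nat in plan(LOCAL_NETS, PEER_NETS, PARTNER_POOL, ALLOCATED).items():
        print(f"peer {real} is presented as {nat}")
        print("10.10.10.25 ->", translate("10.10.10.25", real, nat))
```

The allocated block, rather than 10.10.10.0/24, is what would be defined as the partner's encryption domain, so it no longer collides with the local 10.10.10.0/24 in routing or anti-spoofing.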
