The problem here, is that I use that overlapped network into another VPN, very bad isn't
Regards, Thanks for the reply On 10/8/07, Alex <[EMAIL PROTECTED]> wrote: > > There´s a secureknowledge article about that problem, > Do you have a network on the external fw defined that overlaps with a > interface of the 2nd firewall? > Then you have to define a exclusionary group where you except the > interface(s) of firewall 2 from the encryption domain of firewall 1. > > The problem is that the checkpoint gateway interfaces are automatically > added to the encryption domain. > > Unfortunately I dont have the number now, but just search with the exact > error message in secureknowledge, it´s one of the first articles. > > Alex > > -----Ursprüngliche Nachricht----- > Von: Mailing list for discussion of Firewall-1 [mailto: > [EMAIL PROTECTED] Im Auftrag von ???? ?? ???? > Gesendet: Samstag, 6. Oktober 2007 21:08 > An: [email protected] > Betreff: Re: [FW-1] Secure Remote Overlapping encryption domain > > Hi , > I need client-vpn to the second fw in the future. > I configure a network " Disable_Ovelapping_VPN" that is not on my > network and I add it to my second fw encryption domain. > In the first fw I have a group that include all my networks (behind first > & second fw) and the same problem. > I install the policy on both fw. > Do I need to restart some service ? > > Thanks > > > -----Original Message----- > From: Reinhard Stich [mailto:[EMAIL PROTECTED] > Sent: Saturday, October 06, 2007 8:52 PM > To: שאול בן שושן; [email protected] > Subject: AW: [FW-1] Secure Remote Overlapping encryption domain > > > do you need client-vpn to the second fw? > > if no then define a special client-vpn-enc-domain there that does not > include any IP that you have on the first fw. In case you don't need any vpn > on the second fw you can disable vpn on that fw by unselecting vpn in the > fw-object. > > br > reinhard > > -- > Reinhard Stich, Internet Security AG > Mobile email powered by Nokia Intellisync > > -----Ursprüngliche Nachricht----- > Von: ???? ?? ???? > Gesendet: 06.10.2007 20:24:58 > An: ???? ?? ????;[email protected] > Betreff: [FW-1] Secure Remote Overlapping encryption domain > > > Hi, > > We have back to back checkpoint r65 > Users connect in secure remote to the front firewall > In the encryption domain of the front firewall we have all the inside > networks. > In the back firewall encryption domain we have some fake network > When users connect they have error " Overlapping encryption domain" > Any help ? > > Thank you > > > > > > > ************************************************************************************ > This footnote confirms that this email message has been scanned by > PineApp Mail-SeCure for the presence of malicious code, vandals & computer > viruses. > > ************************************************************************************ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > > > > > ************************************************************************************ > This footnote confirms that this email message has been scanned by > PineApp Mail-SeCure for the presence of malicious code, vandals & computer > viruses. > > ************************************************************************************ > > > > > > > > > ************************************************************************************ > This footnote confirms that this email message has been scanned by > PineApp Mail-SeCure for the presence of malicious code, vandals & computer > viruses. > > ************************************************************************************ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > -- Jose Valdivia Firewall Enginner Perot Systems CCSA CCSE WCSA NCMA NCMP
