this is no problem, because the overlapping network only matters in
remote access vpn
you can define a separate encryption domain for remote access so your
other vpns are not affected.
Alex
Jose Valdivia schrieb:
The problem here, is that I use that overlapped network into another VPN,
very bad isn't
Regards, Thanks for the reply
On 10/8/07, Alex <[EMAIL PROTECTED]> wrote:
There´s a secureknowledge article about that problem,
Do you have a network on the external fw defined that overlaps with a
interface of the 2nd firewall?
Then you have to define a exclusionary group where you except the
interface(s) of firewall 2 from the encryption domain of firewall 1.
The problem is that the checkpoint gateway interfaces are automatically
added to the encryption domain.
Unfortunately I dont have the number now, but just search with the exact
error message in secureknowledge, it´s one of the first articles.
Alex
-----Ursprüngliche Nachricht-----
Von: Mailing list for discussion of Firewall-1 [mailto:
[EMAIL PROTECTED] Im Auftrag von ???? ?? ????
Gesendet: Samstag, 6. Oktober 2007 21:08
An: [email protected]
Betreff: Re: [FW-1] Secure Remote Overlapping encryption domain
Hi ,
I need client-vpn to the second fw in the future.
I configure a network " Disable_Ovelapping_VPN" that is not on my
network and I add it to my second fw encryption domain.
In the first fw I have a group that include all my networks (behind first
& second fw) and the same problem.
I install the policy on both fw.
Do I need to restart some service ?
Thanks
-----Original Message-----
From: Reinhard Stich [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 06, 2007 8:52 PM
To: שאול בן שושן; [email protected]
Subject: AW: [FW-1] Secure Remote Overlapping encryption domain
do you need client-vpn to the second fw?
if no then define a special client-vpn-enc-domain there that does not
include any IP that you have on the first fw. In case you don't need any vpn
on the second fw you can disable vpn on that fw by unselecting vpn in the
fw-object.
br
reinhard
--
Reinhard Stich, Internet Security AG
Mobile email powered by Nokia Intellisync
-----Ursprüngliche Nachricht-----
Von: ???? ?? ????
Gesendet: 06.10.2007 20:24:58
An: ???? ?? ????;[email protected]
Betreff: [FW-1] Secure Remote Overlapping encryption domain
Hi,
We have back to back checkpoint r65
Users connect in secure remote to the front firewall
In the encryption domain of the front firewall we have all the inside
networks.
In the back firewall encryption domain we have some fake network
When users connect they have error " Overlapping encryption domain"
Any help ?
Thank you
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
************************************************************************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
************************************************************************************
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
************************************************************************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
