Hello, I'm the Administrator at Berlin. Behind my R65 FW are two Networks as encryption Domain, a internet public (routable) class C network (NET_C) and a private (172.x) class B Network (NET_B). In the past, only the public NET_C was used, and is defined as the encryption Domain of a "FW_Berlin" Object in my Partners Firewalls across Germany. SO FAR, THE CONFIGURATION CAN'T BECHANGED.
Now we have a New Partner in New York. This one should not know anything about the public NET_C, and only use NET_B for the VPN. SO in New York, there's also a Object "FW_Berlin" with NET_B as the encryption Domain. And here comes the Problem: VPN Traffic between New York and our private NET_B is fine. But if New York want's to access our public NET_C, my Firewall in Berlin tells me "clear text packet should be encrypted", wich is right, but this is the Problem. New York tries to correctly reach the public NET_C without VPN, without encryption. But because NET_C is in my encryption Domain in Berlin, the package is discarded. SO my Question: Can I somehow get it to work that my Firewall accepts non VPN Traffic to NET_C, WHILE LEAVING NET_C in the encryption Domain? (For my German Partners?) I CAN NOT change the configuration of New York or any German partners. I read about a $FWDIR/conf/user.def file, but I have to redefine this file after everey Upgrade or Hotfix, so this is the worst option. Any better Ideas? Some NATing? regards, Markus -- Markus Schmidt Tel.: ++49-351-3 18 09 27 interface systems GmbH Fax.: ++49-351-3 36 11 87 Tolkewitzer Straße 49 E-Mail: [EMAIL PROTECTED] D-01277 Dresden Ein Unternehmen der interface:business-Gruppe ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
