>Everything seems to be working fine but I started to think >about dedicating a line at this location to that VPN, right now we are >sharing a T1 at this location for all internet activity.
>I started to think about how I would separate the data and figured it must >be all in the Splat and Edge routing. I currently don't have any static >routes in place for this VPN I'm starting to think maybe I should have I think what you're going to want to do is utilize the vpn link selection method "Calculate IP based on network topology" and Outgoing Route Selection "IP address of chosen interface". Then if you added a static route to the "Peer" address to use the dedicated line router's address, it would build the vpn strictly with the dedicated line ip. You wouldn't need static routes for the encryption domain networks assuming the firewall is the default route for unknown routes. David Barker Senior Security Engineer Internet Security Division, Compuquip Technologies Phone: 813-774-6538 Fax: 309-214-8282 dbarker[at]compuquip[dot]com ------------------------------------------------------------------------ --------------------------------------------------------------------- WARNING Unencrypted email is insecure and vulnerable to eavesdropping. Send an email message with "get pgp key" or "get cert" in the subject to get a copy of my encryption keys. ------------------------------------------------------------------------ --------------------------------------------------------------------- -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of John Lindblom Sent: Thursday, April 10, 2008 8:43 AM To: [email protected] Subject: [FW-1] VPN Static Routes [Scanned] I have had a VPN setup for a couple of months now between NGX R65 and a Edge device. Everything seems to be working fine but I started to think about dedicating a line at this location to that VPN, right now we are sharing a T1 at this location for all internet activity. I started to think about how I would separate the data and figured it must be all in the Splat and Edge routing. I currently don't have any static routes in place for this VPN I'm starting to think maybe I should have, the branch office is a 172.18 subnet and this location is a 172.16 subnet. Should A have static routes for those subnets setup, on this end it would be the Dest:172.18.0.0/Gate:IP of Router at that location and the same at that end plus any additional subnets at this location the users on the 17.18 subnet would access? John Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= The information in this message including any attachments may be confidential or privileged and is for the use of the named recipient only. If you are not the named or intended recipient you may not copy, distribute, or deliver this message to anyone or take any action in reliance on it. If you receive this message in error please contact the sender immediately and delete it from your system Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
