I have just been handed a bit of a mess and am trying to figure out the easiest way to resolve this issue without making major changes or disturbing the other VPNs running through these gateways. NGX R65 on SP build 123; there are multiple site-to-site VPNs with 3rd parties running out via the Internet link.
There are two sites with a leased line between the two sites. Traffic is NAT'd by the leased line provider when it leaves our network and then again when it enters our network again on the other side. From the firewall's point of view it plays no part in the NAT and it should be transparent. Currently the public Internet IPs are used in the Check Point object definition, and when looking at 'link selection' in the VPN settings on that firewall object it is set to 'calculate IP based on network topology'. I am guessing I can make changes here to determine which interface is used, but I need to ensure I do not affect other site-to-site VPNs which connect out via the Internet link.
There are a series of 10.x nets behind each firewall which have been defined in the appropriate VPN communities. These 10.x nets are routed to the HSRP IP of the switch which connects to the router owned by the leased line provider. That router NATs 10.x to its own IPs and then back to the 10.x net on the other side. I need to figure out a way to ensure this traffic goes via the leased line rather than the Internet link. The Internet link is only intended to be used as a backup for this site-to-site traffic.
Any help will be greatly appreciated.
