a bv a écrit : > They wanted me to add a access rule for both ways between that host at > LAN and whole DMZ subnet for ESP protocol group. At the host sides > the owners ( other people from mycompany ) applied ipsec on the hosts > as i know. Can you explain in detail for statement inwriting ? > Regards Sounds really strange. As someone already mentionned on the list, you need either 2 gateways or one gateway and one vpn client for IPSEC.
if the device in between has already some vpn connection, it can be quite hard to have ike or esp go through. if the need is to secure traffic between a DMZ and the LAN, what's the benefit of having already a firewall in between ? Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
