Any idea on the below vpn ike question, thanks all On Tue, 12 Jul 2011 18:13 BST Peter Addy wrote:
>Thanks, all interfaces have no anti spoofing and yup we have routes that point >the target ips to the router hop which leads out, and I have another >question, if IKE udp 500 fails in our logs with no valid SA with another VPN >my question is would the other party still this ike udp 500 on their side, >reason I ask is that I am told the other side don't see anything incoming to >them, we see this ike leaving our firewall via the vrrrp address? > >On Tue, 12 Jul 2011 17:18 BST David DeSimone wrote: > >>Peter Addy <[email protected]> wrote: >>> >>> Does anyone know if you can have a vpn on a dedicated ethernet liink, >>> where all of the firewall interfaces are set to internal? I would have >>> thought at least one interface would be set to External? Any reason >>> why this could be,the vpn works fine, just curious as all my other >>> vpns have a external interface set on the topology, thanks >> >>External/Internal defines anti-spoofing rules, rather than security >>zones. If you don't have an interface with a default route, then you >>don't really need to define any interface as External. As long as the >>topology makes sense, the firewall will do what it's told to do. >> >>-- >>David DeSimone == Network Admin == [email protected] >> "I don't like spinach, and I'm glad I don't, because if I >> liked it I'd eat it, and I just hate it." -- Clarence Darrow >> >> >>This email message is intended for the use of the person to whom it has been >>sent, and may contain information that is confidential or legally protected. >>If you are not the intended recipient or have received this message in error, >>you are not authorized to copy, distribute, or otherwise use this message or >>its attachments. Please notify the sender immediately by return e-mail and >>permanently delete this message and any attachments. Verio, Inc. makes no >>warranty that this email is error or virus free. Thank you. >> >>Scanned by Check Point Total Security Gateway. >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, >>send an email to [email protected] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your >>subscription options, email >>[email protected] >>================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
