At 23:51 11.01.2002 +1100, John Georges wrote:
[...]
> > >We want to establish a VPN connection between FWA and FWB which is simple
> > >enough, however people on NET1 will also be required to authenticate and
> > >encrypt to FWA for traffic going to NET2.
> > >
> > >This results in two almost identical rules on FWA:
> > >
> > >1. NET1 ---> NET2 Any Client Encrypt
> >
> > wenn - if you want to use SecuRemote to connect to NET2 and authenticate
> > your users on FW-B you should implement this rule on FWB. in that case you
> > don't need the second rule, just configure SecuRemote to connect to NET2
> > through FWB on every client in NET1 and it works!
>
>Sorry, I want to authenticate off FWA, not FWB. Authentication of NET1
>users must be done by FWA. (management of users and the firewalls is to
>remain within the respective companies).
>
> > maybe you want to use "User Auth" instead of "Client Encrypt" ??
>
>No, as far as I know we want to use Client Encrypt. The aim is to encrypt
>all traffic on NET1, User Auth won't do that for us.

the encryption is done with the 2nd rule (net1 -> net2 encrypt). above this
rule you have to make a rule 1 (net1 -> net2 session-auth). then you have to
authenticate because of rule 1 and traffic is encrypted because of rule 2.

I didn't test it myself but I think it should work!

cheers
-reinhard

--
Reinhard Stich, ASSIST [EMAIL PROTECTED]
Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33
Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10
