Hi,
Please excuse the crude ASCII diagram:
------------
| |
| Internet |
|------------| |------------
| ------------ |
| |
| |
---------- ----------
| | | |
| Corp | | Remote |
| | | |
---------- ----------
| |
<Cisco Router> <Cisco Router>
| |
|----------<Private T-1>-----------|
I'd like to setup a VPN as failover for the private T-1. However, I don't
want traffic encrypted over the T-1. So far, the advice I've been given is
to setup a VPN rule and disable it until needed. But, this doesn't exactly
meet my needs since it requires a manual step to initiate the failover.
I'm using a distributed setup with the FW-1/VPN-1 NG FP1 products running on
Nokia boxes and the management station running on a Windows 2000 server. I
can't use the IPSec tunnels that are part of the Nokia boxes unless I want
to change my SecuRemote users to FW-1 encryption, which I'd also, rather not
do since Checkpoint seems to be downplaying the protocol in favor for IPSec.
And, I also don't want to replace the Nokia boxes or put a server in between
it and the rest of the network as a new default gateway.
Seems like I'm being picky doesn't it? ;) But, if it was a different
firewall/VPN product that didn't use encryption domains, it'd be easy. I
like Checkpoint but I'm having difficulty finding a solution to this
problem.
Thanks for any help,
Robert
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
