Firewallers,

The configuration is for VPN with NAT for LAN-to-LAN.
VPN FW1 Gateway V4.1 is installed at both remote offices respectively.
FWZ encryption will not be used because it does not handle NAT. 
I would prefer to use IKE but can use SKIP if required.

The IPSec specifications allow AH and ESP to be applied to an IP packet in
two different ways, called modes. In Transport mode, only the
Transport-layer segment of an IP datagram is processed (i.e., authenticated
or encrypted). The original source and destination addresses are not
protected. The other approach, authenticating or encrypting the entire IP
packet, is called Tunnel mode. The inner IP header contains the ultimate
source and destination addresses, while the outer header contains other IP
addresses (e.g. those of the security gateways).

Which encryption modes are supported in Firewall V41 for the following:
1. FWZ scheme, only transport mode is supported, will not work with NAT.
2. IKE scheme, what modes are supported?
3. SKIP scheme, what modes are supported?
4. OPSEC scheme, what modes are supported?

I am assuming Tunnel mode will support NAT, and Transport mode will not.

To set up LAN-to-LAN, I think two configurations are possible.
1. Use private addresses with NAT on remote networks and set up Encrypted
tunnel mode between gateways.
2. Use private addresses without NAT on remote networks and set up Encrypted
tunnel mode between gateways.

Please provide details on how to configure the above configurations, also
your comments and suggestions will be greatly appreciated.

Darly   
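
Added example, not part of the original post and not Check Point's implementation: a generic IPsec sketch of the transport/tunnel distinction described above, showing what a source NAT on the outer IP header does to each mode at the receiving peer. The addresses, SPI, key and payload are constructed, and ESP with NULL encryption and an HMAC-SHA1-96 ICV is assumed so that no cipher is needed.

```python
import hashlib, hmac, socket, struct

A, B = "10.1.1.10", "10.2.2.20"  # constructed private hosts
GW_A, GW_B, NAT_IP = "192.0.2.1", "198.51.100.1", "203.0.113.5"  # constructed gateways
KEY = b"constructed-demo-key"

def csum(d):  # RFC 1071 Internet checksum
    d += b"\0" * (len(d) % 2)
    s = sum(struct.unpack(f"!{len(d) // 2}H", d))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ip(src, dst, proto, body):
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                    socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", csum(h)) + h[12:] + body

def udp(src, dst, data):  # UDP checksum covers a pseudo-header with both IP addresses
    seg = struct.pack("!HHHH", 5000, 53, 8 + len(data), 0) + data
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, len(seg))
    return seg[:6] + struct.pack("!H", csum(pseudo + seg) or 0xFFFF) + seg[8:]

def esp(next_hdr, payload):  # ESP, NULL encryption (RFC 2410), HMAC-SHA1-96 ICV
    pad = bytes(range(1, -(len(payload) + 2) % 4 + 1))
    body = struct.pack("!II", 0x1001, 1) + payload + pad + bytes([len(pad), next_hdr])
    return body + hmac.new(KEY, body, hashlib.sha1).digest()[:12]

def build(mode):
    seg = udp(A, B, b"constructed payload")
    if mode == "transport":  # original IP header kept; ESP wraps only the segment
        return ip(A, B, 50, esp(17, seg))
    return ip(GW_A, GW_B, 50, esp(4, ip(A, B, 17, seg)))  # tunnel: whole packet inside

def nat(pkt, new_src):  # source NAT rewrites the outer header only
    return ip(new_src, socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[20:])

def receive(pkt):
    """Return (esp_icv_ok, udp_checksum_ok) as seen by the receiving peer."""
    body, icv = pkt[20:-12], pkt[-12:]
    if not hmac.compare_digest(icv, hmac.new(KEY, body, hashlib.sha1).digest()[:12]):
        return False, False
    payload = body[8:len(body) - 2 - body[-2]]
    tunnel = body[-1] == 4  # next header 4 = IP-in-IP, so addresses come from the inner header
    addrs, seg = (payload[12:20], payload[20:]) if tunnel else (pkt[12:20], payload)
    return True, csum(addrs + struct.pack("!BBH", 0, 17, len(seg)) + seg) == 0

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        print(mode, receive(build(mode)), receive(nat(build(mode), NAT_IP)))
```

In both modes the ESP ICV still verifies after NAT because it does not cover the outer IP header. Only in transport mode does the inner UDP checksum stop matching, since it was computed over the original source address.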


