Greetings,
Look at the following picture:
CL = Internal Client
CC = Crypto Cluster Box
VPN = VPN Connection through the Internet
FW-1 = Firewall-1 Box
PT = Plain Text Communication
DH = Destination Host, any host located on the internet
CL <-PT-> CC <-VPN-> FW-1 <-PT-> DH
What I would like to achieve is that the internal Client can reach any host on
the internet, going through the VPN tunnel between Cryptobox and FW-1. The
FW-1 itself should route the encrypted packet to the internet and finally
reach the destination. So FW-1 acts as a central HUB for any connection to
and from the internet and the Cryptobox(es). I have successfully set up the
VPN between CryptoCluster and FW-1 when I define on FW-1 as encryption
domain the internal network of FW-1. I don't know how to tell Cryptobox that
it should use VPN to reach any destination. Another thing would be the
firewall itself. Normally, you assign them an object called encryption
domain which includes all networks for which it will encrypt / decrypt.
I wonder how it is possible to tell them that any traffic from Cryptobox
should be decrypted, no matter if the destination belongs to an internal or
external host.
I would really appreciate any hints, facts and figures.
Regards,
sAM