The rules should look like this:
Rule  Source          Dest            Action
-------------------------------------------------
1     check           check           encrypt
      sonicwall-1     sonicwall-1
      sonicwall-2     sonicwall-2
2     encrypt-domain  encrypt-domain  encrypt
      sonicnet-1      sonicnet-1
      sonicnet-2      sonicnet-2
Note that both actions are "encrypt". Also note that this will obviously
not work if you need to use different encryption schemes or data integrity
methods (we use the same for all remote sites, so it isn't an issue here).
If you're using hide mode NAT out to the internet you'll also need to add a
NAT rule in order to contact the remote networks from a machine in
encrypt-domain:
           Original                          Translated
source     dest        service    source    dest      service
-------------------------------------------------------------------
encdomain  sonicnet-1  any        original  original  original
           sonicnet-2
I have left the objects out of a group for ease of readability, but I would
expect a group to behave identically.
Hope that helps - good luck!
Dan Hitchcock
Network Engineer
425.456.3970
[EMAIL PROTECTED]
Xylo, Inc.
The work/life solution for corporate thought leaders
-----Original Message-----
From: Pearrow, Mark [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 19, 2001 1:14 PM
To: 'Dan Hitchcock'
Subject: RE: [FW1] Nokia FW-1/VPN-1 and SonicWall TELE2 interoperability
Hi Dan,
Many thanks for your reply. So if you have two sonicwalls for example, you
need the following objects created to represent everything:
- Checkpoint firewall object ("check")
- Encryption domain object for behind the FW-1 ("encrypt-domain")
- Sonicwall workstation object 1 ("sonicwall-1")
- Sonicwall network 1 (private net behind sonicwall) ("sonicnet-1")
- Sonicwall workstation object 2 ("sonicwall-2")
- Sonicwall network 2 (private net behind sonicwall) ("sonicnet-2")
The sonicwall objects are configured to use IKE, 3DES with a pre-shared
secret.
How do the two rules look exactly with regard to these objects? Like:
Rule  Source          Dest            Action
-------------------------------------------------
1     check           sonicwall-1     accept
      sonicwall-1     check           accept
2     encrypt-domain  sonicnet-1      encrypt
      sonicnet-1      encrypt-domain  encrypt
Specifically, did you use a group to contain the sonicwall objects?
Thanks,
mjp