Well, long details:

Currently have a central office here in Sacramento, with branch offices in SF Bay area (San Mateo), North Hollywood and San Diego. We are a State agency. The branch offices are connected to the central office over the state government's network (not public internet).

We are currently using public IP subnets (4 at central office, 1 each at branch offices). We will eventually be going to private IPs everywhere (1 subnet at each site, including here).

We are in the process of installing WatchGuard firewalls at each site. It looks like the branch offices may get theirs before we do here at the central site, but I'm just not sure yet. I know already that I am going to have to move to private IPs at the branch offices, in order to get their firewalls installed (Firebox Edge x10e).

I think you've answered my main question, which is to make sure the firewall knows to send traffic back to the central office. All traffic comes back here anyway, as it is, our only DNS server is here at the central office.

Joe Heaton
________________________________
From: Andy Shook [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2008 9:46 AM
To: NT System Admin Issues
Subject: RE: site-to-site VPN question

Short answer "yes" but what are you driving at? If you implement a site-to-site, you have to tell the firewalls to forward the traffic destined for the other site directly to the other firewall, via the tunnel or it will use its default route to the Internet. What type of firewalls are you dealing with?

Shook
http://www.linkedin.com/in/andyshook

________________________________
From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2008 12:40 PM
To: NT System Admin Issues
Subject: site-to-site VPN question

When you implement a site-to-site VPN between firewalls, does this affect routes?

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA 95814
(916) 327-5276
[EMAIL PROTECTED]
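
The routing behaviour described in the thread, modelled as an added example that is not part of the original messages: a branch firewall picks the most specific matching route, so traffic for the other site follows the default route until a tunnel route exists. The subnets, the DNS address and the next-hop names below are constructed for illustration; this is not WatchGuard configuration.

```python
import ipaddress

# Constructed addressing plan (assumption): one private subnet per site.
CENTRAL = "10.1.0.0/24"
BRANCH = "10.2.0.0/24"


def lookup(routes, dst):
    """Return the next hop of the most specific route containing dst
    (longest-prefix match), or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def leaks(routes, remote_subnets, default_hop="wan-default"):
    """List remote site subnets whose traffic would follow the default
    route instead of a tunnel. Probes the first host of each subnet."""
    leaking = []
    for subnet in remote_subnets:
        net = ipaddress.ip_network(subnet)
        probe = str(net.network_address + 1)
        if lookup(routes, probe) == default_hop:
            leaking.append(subnet)
    return leaking


# Branch firewall routing table before the tunnel route is defined
# (hypothetical next-hop labels).
branch_before = [
    (BRANCH, "lan"),
    ("0.0.0.0/0", "wan-default"),
]
# Same table once the central subnet is pointed at the tunnel.
branch_after = branch_before + [(CENTRAL, "vpn-tunnel-central")]

if __name__ == "__main__":
    dns = "10.1.0.10"  # constructed address for the central DNS server
    print("before:", lookup(branch_before, dns))
    print("after: ", lookup(branch_after, dns))
    print("subnets leaking to default route:", leaks(branch_before, [CENTRAL]))
```

Running `leaks()` against each firewall's table with the list of every other site's subnet is a quick audit that no inter-site traffic falls through to the default route.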