Re: [FW-1] VPN routing question

2004-09-07 Thread Philip Markwalder
Hi

There are some steps to do to reach the networks connected
site-by-site to the main site you've connected to with SecureClient.
Please be aware that I've not tested this config for Edge or S-Boxes
but for FW1 sites with VPN1-Net or any other license. But I'm quite
sure that this should also work for these small office boxes.

It is needed that you use office mode and have the
office mode range in the Enc_A encryption domain of
firewall A.

[RemoteAccessClient] --- [Firewall A (Enc_A)] ---(vpn over Internet)--- [Firewall B (Enc_B)]

# Firewall A and Firewall B are in the same community


Step-by-Step
------------
1. Include Enc_B into Enc_A (defined on the object on the GUI)
   1.1 On the firewall object of Firewall A go to the tab Remote Access
       and enable HUB Mode Configuration (Allow Secure Client to route
       traffic through this gateway)
   1.2 Use Dbedit and change the key GW_route_traffic_for_OM_address
       to true (in global properties)
   1.3 Use Dbedit and check (if you use VPN1-Net) that under
       Network Objects - network_objects in the config of the firewall
       the exportable is set to false
2. Make an entry in $FWDIR/conf/vpn_route.conf (please be aware that
   the force_override is needed)

   #destination  router      install_on  [force_override]
   Enc_B         Firewall B  Firewall A  force_override



So that's all.


Philip Markwalder
--
Celeris AG
http://www.celeris.ch/
Studbachstrasse 13b    Phone: +41 1 938 5720
CH-8340 Hinwil         Fax:   +41 1 938 5721

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray
Sent: Friday, 3 September 2004 20:58
To: [EMAIL PROTECTED]
Subject: [FW-1] VPN routing question

I just set up a test VPN from an R55 gateway to an Edge
XU box and I now have my computer on its internal
network.

When I have SecureClient running on my computer, I
can't get to the real internal network. I have to
disable the policy, even though this new internal
network is allowed in the desktop security policy, and
also stop SecureClient. Then everything works OK.

I vaguely recall reading about this before and it
seemed that it had something to do with the topology
being fed to SecureClient. All remote access will be to
the R55 gateway and then down the site-to-site VPN to
the Edge internal networks. We are using hub mode for
SecureClient.

Any pointers would be appreciated!

Thanks,

Ray


=
To set vacation, Out-Of-Office, or away messages, send
an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=
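
The prerequisites named in the reply above (office mode range inside Enc_A, Enc_B included in Enc_A, and a vpn_route.conf entry carrying force_override) can be checked offline before a policy install. This is an added example, not part of the original mail and not Check Point tooling; the object names fw_a and fw_b, all addresses and the function names are constructed, and the column layout is assumed from the entry quoted in the mail.

```python
import ipaddress

# Constructed sample data: object names and addresses are placeholders.
DOMAINS = {"Enc_A": ["10.1.0.0/16", "172.16.50.0/24", "10.2.0.0/16"],
           "Enc_B": ["10.2.0.0/16"]}
OFFICE_MODE = "172.16.50.0/24"
ROUTES = """
# destination  router  install_on  [force_override]
Enc_B          fw_b    fw_a        force_override
"""

def parse_vpn_route(text):
    """Parse lines of the form: destination router install_on [force_override]."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) not in (3, 4):
            raise ValueError(f"unexpected column count: {raw!r}")
        entries.append({"destination": cols[0], "router": cols[1],
                        "install_on": cols[2],
                        "force_override": cols[3:] == ["force_override"]})
    return entries

def within(inner, outer):
    """True if every network in inner is covered by some network in outer."""
    outer = [ipaddress.ip_network(n) for n in outer]
    return all(any(ipaddress.ip_network(i).subnet_of(o) for o in outer) for i in inner)

def check(domains, office_mode, route_text, hub="fw_a", spoke="fw_b",
          hub_dom="Enc_A", spoke_dom="Enc_B"):
    """Return a list of unmet prerequisites (empty list means all are met)."""
    problems = []
    if not within([office_mode], domains[hub_dom]):
        problems.append("office mode range is not inside " + hub_dom)
    if not within(domains[spoke_dom], domains[hub_dom]):
        problems.append(spoke_dom + " is not included in " + hub_dom)
    match = [e for e in parse_vpn_route(route_text)
             if (e["destination"], e["router"], e["install_on"]) == (spoke_dom, spoke, hub)]
    if not match:
        problems.append("no vpn_route.conf entry for " + spoke_dom)
    elif not match[0]["force_override"]:
        problems.append("vpn_route.conf entry lacks force_override")
    return problems

if __name__ == "__main__":
    print(check(DOMAINS, OFFICE_MODE, ROUTES) or "all prerequisites met")
```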



[FW-1] VPN routing question

2004-09-03 Thread Ray
I just set up a test VPN from an R55 gateway to an Edge XU box and I now
have my computer on its internal network.

When I have SecureClient running on my computer, I can't get to the real
internal network. I have to disable the policy, even though this new
internal network is allowed in the desktop security policy, and also stop
SecureClient. Then everything works OK.

I vaguely recall reading about this before and it seemed that it had
something to do with the topology being fed to SecureClient. All remote
access will be to the R55 gateway and then down the site-to-site VPN to the
Edge internal networks. We are using hub mode for SecureClient.

Any pointers would be appreciated!

Thanks,

Ray