Thread: Check Point VPN design
View Single Post
  #6 (permalink)  
Old 2008-04-20
cciesec2006 cciesec2006 is offline
Senior Member
  
Join Date: 2006-09-26
Posts: 596
Rep Power: 2
cciesec2006 has an average reputation (10+)
Default Re: Check Point VPN design
Quote:
Originally Posted by Testing-123 View Post
Hi ciesec2006,

Intresting comments, sounds like something i need to try out in the lab. However, a cisco IOS router does not allow you to do NAT (i.e source and destination in a tcp connection) which is what a lot of my VPN are setup to do.
Cisco IOS can do NAT easily in a tcp connection; however, You can terminate
VPN on Cisco devices and do NAT on the firewalls.

My preference is to do NAT on the firewalls. Checkpoint is great at that.
VPN on Cisco IOS because routers are great at VPN.

You will find that it will make your life much easier in term of troubleshooting
and support.

my 2c
Reply With Quote