CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1, 2007-08-28, Riqsta (Junior Member)
LAN Extension

Howdy,

A LAN Extension is being installed which will join our remote office and the hosting site. A router won't be in place until we've had our MPLS circuit installed. Just wondering, is it possible to use the GWs to handle routing between the two sites?

The idea is to make it so the Gateways send LAN traffic through the LAN Extn and internet traffic through the external interface. Below is what's running at both sites.

Site A - Hosting Site
R62 on SPLATPRO
eth0 - External IP - 192.168.1.1
eth1 - Internal LAN IP - 10.10.6.1
eth2 - DMZ - 10.20.6.1
eth4 - LAN Extn IP - ???

Site B - Office
R62 on SPLATPRO
eth0 - External IP - 192.168.2.1
eth1 - Internal LAN IP - 10.10.7.1
eth3 - LAN Extn IP - ???

Rule Base for VPN
GW-to-GW (All Gateways)
Site-to-Site (All Protected Networks)

Would either of the following work:
Set up eth4 (HS) with 10.10.7.2 and hide the 10.10.7.0 LAN behind it and then set up eth3 (Off) with 10.10.6.2 and hide the 10.10.7.0 LAN behind it.

Set up eth4 (HS) with 10.10.7.2 and NAT it to a 10.20.6.2 IP address and then set up eth3 (Off) with 10.10.6.2 and NAT it to a 10.20.7.2 IP address.

If it won't work, what will... besides a proper router?

Cheers.

#2, 2007-08-30, mcnallym (Senior Member)
Re: LAN Extension

The LAN Extension being on a separate interface will need to be a different IP range to the Internal Network.

However, why not just add static routes that say that the remote networks are via the remote gateway?

This way the Internet traffic goes via Internet and the LAN traffic goes via the LAN.

#3, 2007-09-12, Riqsta (Junior Member)
Re: LAN Extension

Thanks mcnallym, it pointed me in the right direction however...

Connection speed for a 100Mb LANX is inconsistent and has thus been unsatisfactory.

Site A - Hosting Site
R62 on SPLATPRO
eth0 - External IP - 192.168.1.1
eth1 - Internal LAN IP - 10.10.6.1
eth2 - DMZ - 10.20.6.1
eth4 - LANX IP - 10.30.6.1

Site B - Office
R62 on SPLATPRO
eth0 - External IP - 192.168.2.1
eth1 - Internal LAN IP - 10.10.7.1
eth3 - LANX IP - 10.30.6.2

Rule Base for VPN
GW-to-GW (All Gateways)
Site-to-Site (All Protected Networks)

Static Routes
10.10.7.0/24 to use GW IP 10.30.6.2 on Site A
10.10.6.0/24 to use GW IP 10.30.6.1 on Site B

I have confirmed that the routes are working.

My thought is that the LANX packets are being encrypted, thus increasing the latency times.

Anyone have any ideas to increase performance?

Cheers,
Riqsta

#4, 2007-09-13, mcnallym (Senior Member)
Re: LAN Extension

If you are running a VPN between the two gateways (and looking at it, I suspect that you are), then it will encrypt.

Check Point always encrypts if there is a VPN between the src and destination.

You need to be more specific with your VPN configuration so that you specify where you VPN between and what networks. You are saying at the moment all gateways, which will include the OfficeB gateway, so it will encrypt.
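
The point made in the last reply, as an added Python sketch that is not part of the thread: the static route and the VPN match are separate lookups, so routing 10.10.7.0/24 over the LANX does not stop traffic between the two encryption domains from being encrypted. The addresses come from the posts; the /24 interface masks, the contents of each encryption domain and the simplified decision model are assumptions, and the sketch does not model which interface the encrypted packets leave by.

```python
import ipaddress as ip

# Site A addressing from the thread. The /24 masks on the interface networks and
# the choice of which networks count as "protected" are assumptions.
SITE_A_ROUTES = [                 # (prefix, egress interface)
    ("0.0.0.0/0",    "eth0"),     # default route to the Internet
    ("10.10.6.0/24", "eth1"),     # internal LAN
    ("10.20.6.0/24", "eth2"),     # DMZ
    ("10.30.6.0/24", "eth4"),     # LANX link
    ("10.10.7.0/24", "eth4"),     # static route via 10.30.6.2
]
DOMAIN_A = ["10.10.6.0/24", "10.20.6.0/24"]   # Site A encryption domain (assumed)
DOMAIN_B = ["10.10.7.0/24"]                   # Site B encryption domain (assumed)


def egress(routes, dst):
    """Longest-prefix match on the original (unencrypted) destination."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(p), ifc) for p, ifc in routes if addr in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def in_domain(addr, domain):
    """True if addr falls inside any network of the given encryption domain."""
    return any(ip.ip_address(addr) in ip.ip_network(n) for n in domain)


def encrypts(src, dst, local_domain, peer_domains):
    """Encrypt when src is in the local domain and dst is in a VPN peer's domain."""
    return in_domain(src, local_domain) and any(in_domain(dst, d) for d in peer_domains)


def decide(src, dst, peer_domains):
    """Return (interface chosen by routing, whether the VPN match says encrypt)."""
    return egress(SITE_A_ROUTES, dst), encrypts(src, dst, DOMAIN_A, peer_domains)


if __name__ == "__main__":
    cases = {
        "office host, Site B in the VPN": ("10.10.6.50", "10.10.7.50", [DOMAIN_B]),
        "office host, Site B not in the VPN": ("10.10.6.50", "10.10.7.50", []),
        "Internet host (constructed address)": ("10.10.6.50", "198.51.100.10", [DOMAIN_B]),
    }
    for label, args in cases.items():
        print(f"{label}: {decide(*args)}")
```

With Site B's network left out of the VPN, the same traffic still takes the LANX route but crosses that link unencrypted, so the link has to be trusted accordingly.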