CPUG
The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
Hi All,

I have a VPN problem and I am wondering if anyone can help me with it. I have set up a site-to-site VPN, and I also have a remote access VPN to both sites. I've tried to add some networks from one site to the other site's VPN domain and it didn't work; it messed up my site-to-site VPN. Is there any way I can do this?

Thanks,
Elad
There are two ways you could do this. Either have one site in the Remote Access group and route traffic through that site across the site-to-site tunnel, or put both sites into the Remote Access group.

Both sites in the Remote Access group: The VPN Domain for each site should only include networks that live behind the site. SecureClient will authenticate to each site as needed (i.e. if you authenticate to the first site and try to access a resource in the second site, you'll receive another authentication prompt).

One site in the Remote Access group: The site in the Remote Access group should have a VPN Domain that includes networks for both sites. The second site, which is not in the Remote Access group, should have its normal VPN domain defined. The trick to making this work is to create VPN Routing entries for the second site on the first site's firewall (edit $FWDIR/conf/vpn_route.conf on the Management Server). Here's an example of vpn_route.conf:

```
# Enable encryption for SecureClient -> Second Site:
EncryptionDomainFW2 FW2 FW1 force_override
```

Another way to do the "One site in the Remote Access group" is to use "Hub Mode" for your Remote Access group. This is actually specified in Manage -> Remote Access -> Connection Profiles -> Advanced. In this case the VPN Domain for each site should only include networks that live behind that firewall. Hub Mode means that all your internet traffic will route through the firewall (not just traffic destined for hosts in the VPN Domain).

HTH

Last edited by melipla; 2006-02-22 at 10:31. Reason: clarification
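The "one site in the Remote Access group" design in the reply above, as an added example that is not part of the thread: it parses the vpn_route.conf entry quoted there and works out, for a given destination address, whether a SecureClient packet is delivered behind FW1 directly, forwarded to FW2 over the site-to-site tunnel, or never encrypted at all. The gateway and object names are the reply's; the subnets, `LOCAL` mapping and `resolve` function are constructed for this example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# vpn_route.conf text as quoted in the reply; the subnets below are constructed.
VPN_ROUTE_CONF = """
# Enable encryption for SecureClient -> Second Site:
EncryptionDomainFW2 FW2 FW1 force_override
"""
OBJECTS: Dict[str, List[str]] = {          # network object -> subnets (constructed)
    "EncryptionDomainFW1": ["10.1.0.0/16"],
    "EncryptionDomainFW2": ["10.2.0.0/16"],
}
LOCAL: Dict[str, str] = {"FW1": "EncryptionDomainFW1", "FW2": "EncryptionDomainFW2"}
# FW1 is the Remote Access gateway, so its VPN domain covers both sites.
VPN_DOMAIN: Dict[str, List[str]] = {
    "FW1": ["EncryptionDomainFW1", "EncryptionDomainFW2"],
    "FW2": ["EncryptionDomainFW2"],
}

def parse_vpn_route(text: str) -> List[Tuple[str, str, str]]:
    """(destination, next hop, install on) per entry; comments are skipped and
    any further tokens (such as force_override) are left uninterpreted."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"malformed vpn_route.conf entry: {raw!r}")
        entries.append((fields[0], fields[1], fields[2]))
    return entries

def in_object(ip: str, name: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in OBJECTS[name])

def resolve(dst_ip: str, ra_gw: str = "FW1") -> Tuple[str, Optional[str]]:
    """Path of a SecureClient packet for dst_ip via Remote Access gateway ra_gw."""
    if not any(in_object(dst_ip, obj) for obj in VPN_DOMAIN[ra_gw]):
        return ("not_in_vpn_domain", None)     # client never encrypts it
    if in_object(dst_ip, LOCAL[ra_gw]):
        return ("direct", ra_gw)               # host sits behind the RA gateway
    for dest, next_hop, install_on in parse_vpn_route(VPN_ROUTE_CONF):
        if install_on == ra_gw and in_object(dst_ip, dest):
            return ("via", next_hop)           # forwarded over the site-to-site tunnel
    return ("no_vpn_route", ra_gw)             # in the domain, but nowhere to forward it

if __name__ == "__main__":
    for ip in ("10.1.5.5", "10.2.7.7", "192.168.9.9"):
        print(ip, resolve(ip))
```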
Hi,

I also have a problem that is similar to this, with only some differences. Current situation:

1 Check Point GW NG R55 configured in traditional mode (VPN domain is network1)
1 Cisco IPsec router set up as an interoperable device in CP (VPN domain is network2)

network1 is behind the Check Point, network2 is behind the Cisco, and between both networks I have a VPN tunnel. Remote users have SecuRemote installed and connect to the Check Point. The remote users can access network1 but not network2, because it's not in the VPN domain of the Check Point.

Is there also a solution for this? How do I configure the Connection Profile with Hub Mode? I can create one but don't know what to do with it after creation. Do I have to bind it to something, or is it automatically active then? If so, for whom is it active?

Thanks in advance for your help!

Best regards,
Stefan