Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[FW-1] To VPN or not to VPN - that is the question...

from Girard Moussa [Permanent Link]
Subject: [FW-1] To VPN or not to VPN - that is the question...
From: Girard Moussa <girard.moussa AT AVTECH.COM DOT AU>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 26 Mar 2004 13:36:39 +1100 
Dear All,

Here goes:

Scenario: Two Gateways, managed by same mgmt station. Connected via
frame relay, therefore traffic traversing in the clear. The gateways are
also connected to the internet.

Requirement: Should the frame relay link go down, traffic should
traverse over the internet via a VPN tunnel. This has to be done
automatically without any changes during the failover.

Question: How is that possible or is it even possible? I can configure
dynamic routing and route the traffic through the internet interface,
but how can I have the rulebase configured to understand when to send it
in clear text and when encrypt it? The communication will always be
between the encryption domains i.e. encryption will try to take place
every time with simplified VPN. I cannot have a VPN up on the frame
relay since there already are other VPN tunnels configured on the
internet interface with other sites and as you all know, you can have as
many tunnels as you want as long as you use only one interface at a time
:)

Thanks in advance.

Regards,
Girard Moussa

_______________________________________________________________________________________
This  email  (and attachements)  may contain privileged / confidential  
information.
If you are not the addressee  (or responsible for delivery of this message) any 
use,
forwarding, printing or copying of this email is strictly prohibited. In such 
case, you
should  destroy this message  and kindly  notify the sender. Opinions, 
conclusions
and other  information in this message that  do not relate to the official 
business of
Advance Vision Technology (Aust) Pty Ltd  shall be understood  as  neither given
nor endorsed by it.
________________________________________________________________________________________

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Need Info, Denni
Next by Date:  Re: [FW-1] Need Info, Rajveer Kushwah
Previous by Thread:  [FW-1] Question: TCP Services Properties, Roberto Quinones
Next by Thread:  Re: [FW-1] To VPN or not to VPN - that is the question..., Rajveer Kushwah
Indexes:  [Date] [Thread] [Top] [All Lists]