[FW-1] VPN NAT configuration question

Subject: [FW-1] VPN NAT configuration question
From: Jon Allingham <jallingham AT LEAPSTONE DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 26 Apr 2004 12:06:42 -0400

I need to set up a site-site VPN with another company. The configuration
is different from what I usually do in that they require us to NAT our
sources to an IP address that they specify. Apparently this is for
several unavoidable reasons - this allows them to control their routing
in a fashion to meet their security policies and avoid any conflicts,
and their VPN device can't do this bidirectionally so part of it has to be
done on my end.

I've never tried to configure something like this. Is it simply a matter
of going into the Address Translation tab and setting the translated
packet source address in the outbound direction to the specified NAT
address?

Since I set my NAT address in general for outgoing traffic on the
network object representing all my internal networks and not on the
firewall object, I presume I can't just create a new network object for
this with a NAT setting since that would interfere with my normal NAT.

Anything else I need to worry about when configuring this?

This is with CP NG-AI R55 on Solaris. I don't know what the other end
is; it wasn't one I had ever heard of.

FWIW, the VPN parameters are expected to be 3DES with MD5.
--
Jon Allingham
Leapstone Systems
