The solution id for that document I posted the link for is sk19524.
David A Muscat
Hal Dorsman <hdorsman AT RMEF DOT ORG>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM>
19/08/2004 03:09 AM
Please respond to: Mailing list for discussion of Firewall-1
To: FW-1-MAILINGLIST AT AMADEUS.US DOT CHECKPOINT.COM
cc:
Subject: Re: [FW-1] Remote extranet access over SecuRemote/SecureClient
I was a little confused by your question so didn't answer at first,
hoping someone else understood better. Since no one did, here goes
my guess. This is a routing issue handled by the firewall. The
firewall knows about the routing requirements for your extranet
tunnel based on topology. You connect to your gateway as defined
by your SC client setup, then your gateway knows to route (and
re-encrypt) packets destined for your extranet based on topology.
So yes, it is possible, and pretty much default setup once you
have your topology defined.
Hal
> -----Original Message-----
> From: David A Muscat [mailto:muscatd AT AU1.IBM DOT COM]
> Sent: Monday, August 16, 2004 7:10 PM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Remote extranet access over SecuRemote/SecureClient
>
>
> Hi all,
>
> I'm running a CheckPoint NG FP2 gateway with VPN on a Solaris server. This
> firewall serves as the gateway for SecureClient users and it's also a VPN
> termination point for an extranet tunnel.
>
> There's a requirement to allow SecureClient users to access this tunnel.
> I.e., a SecureClient user sends packets to destinations which are at the
> remote extranet site. I've managed to configure the userc.C file to
> correctly encrypt the packets and send them to the gateway. The gateway
> then decrypts these packets but then I need them re-encrypted to send back
> out across the extranet tunnel to their final destination.
>
> Is this kind of setup/connectivity actually possible without having to
> route the packets anywhere else beyond the firewall? Any ideas or
> suggestions would be greatly appreciated.
>
> Thanks!
>
> David A Muscat
>
> IBM Global Services
> Email: muscatd AT au1.ibm DOT com
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>