Gees, did you ever have one of those days? :-)
The only need we have for traditional policies is that we need multiple
remote access user groups, one that SCV applies to and one that SCV doesn't
apply to. If Check Point ever offers multiple remote access communities and
the ability to select whether SCV applies to a particular community, the
traditional policies can go.
Ray
From: David A Muscat <muscatd AT AU1.IBM DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Remote extranet access over SecuRemote/SecureClient
Date: Fri, 20 Aug 2004 10:46:40 +1000
Thanks Ray. It seems that vpn routing is only possible when using simplified
mode so that you can work with VPN communities. This is rather unfortunate
as our policies are currently in traditional mode :( Will have to look at
re-writing the policies to make this work.
Appreciate the tips!
David
From: Ray <sixsigma44@HOTMAIL.COM>
Sent by: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Remote extranet access over SecuRemote/SecureClient
Date: 19/08/2004 10:52 PM
Please respond to: Mailing list for discussion of Firewall-1
Hi David,
Search the KB for "vpn routing". I think it's available before AI and it may
help you out. You also might want to download the Check Point documentation
for VPN-1 and search or print out the PDF. I've found this whole series of
documents from Check Point to be as good as any third-party book.
Ray
>From: David A Muscat <muscatd AT AU1.IBM DOT COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] Remote extranet access over SecuRemote/SecureClient
>Date: Thu, 19 Aug 2004 10:35:34 +1000
>
>The solution id for that document I posted the link for is sk19524.
>
>David A Muscat
>
>
>From: Hal Dorsman <hdorsman AT RMEF DOT ORG>
>Sent by: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: Re: [FW-1] Remote extranet access over SecuRemote/SecureClient
>Date: 19/08/2004 03:09 AM
>Please respond to: Mailing list for discussion of Firewall-1
>
>I was a little confused by your question so didn't answer at first,
>hoping someone else understood better. Since no one did, here goes
>my guess. This is a routing issue handled by the firewall. The
>firewall knows about the routing requirements for your extranet
>tunnel based on topology. You connect to your gateway as defined
>by your SC client setup, then your gateway knows to route (and
>re-encrypt) packets destined for your extranet based on topology.
>So yes, it is possible, and pretty much default setup once you
>have your topology defined.
>
>Hal
>
> > -----Original Message-----
> > From: David A Muscat [mailto:muscatd AT AU1.IBM DOT COM]
> > Sent: Monday, August 16, 2004 7:10 PM
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: [FW-1] Remote extranet access over SecuRemote/SecureClient
> >
> >
> > Hi all,
> >
> > I'm running a CheckPoint NG FP2 gateway with VPN on a Solaris server.
> > This firewall serves as the gateway for SecureClient users and it's
> > also a VPN termination point for an extranet tunnel.
> >
> > There's a requirement to allow SecureClient users to access this
> > tunnel. I.e., a SecureClient user sends packets to destinations which
> > are at the remote extranet site. I've managed to configure the userc.C
> > file to correctly encrypt the packets and send them to the gateway.
> > The gateway then decrypts these packets but then I need them
> > re-encrypted to send back out across the extranet tunnel to their
> > final destination.
> >
> > Is this kind of setup/connectivity actually possible without having to
> > route the packets anywhere else beyond the firewall? Any ideas or
> > suggestions would be greatly appreciated.
> >
> > Thanks!
> >
> > David A Muscat
> >
> > IBM Global Services
> > Email: muscatd AT au1.ibm DOT com
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner AT ts.checkpoint DOT com
> > =================================================
> >
>