Firewall-1

[FW-1] Remote Access - :includes fw-xxxxx

Subject: [FW-1] Remote Access - :includes fw-xxxxx
From: Philip Markwalder <Philip.Markwalder AT CELERIS DOT CH>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 24 Aug 2004 12:07:34 +0200

Hi

Config: R55 HFA08, on Solaris8

I want to connect all remote access clients to the main
firewall and then route over the site-to-site vpns to
the remote locations. (Main site is SiteA, remote
office is siteB)


What I've done:
- configured Office Mode at the main site, included OM
network into the encryption domain of the main site.
- added the network of siteB into the encryption domain
of the main site and added a routing entry to
vpn_route.conf:
Encryptiondomain_siteb  siteB   siteA   force_override
- removed siteB from the RemoteAccess community
- did a new topology download

=> site-to-site VPN still works
=> topology looks quite ok (the enc_domain of the main
site includes the network of the remote office site)
=> not ok: the remote access topology still includes
siteB (though I removed it from the RemoteAccess
community) and there is an entry ":includes siteB" in
the part of the main site siteA.
=> This causes SecureClient to drop the traffic at
its end

Questions:
- How can I force siteB (the remote office)
not to appear in the topology?
- Where can I find more information about this
:includes in the topology?

Philip Markwalder
--
Celeris AG
http://www.celeris.ch/
Studbachstrasse 13b                     Phone: +41 1 938 5720
CH-8340 Hinwil                            Fax: +41 1 938 5721
