Re: [FW-1] SecureClient VPN not able to traverse site to site vpns

Subject:	Re: [FW-1] SecureClient VPN not able to traverse site to site vpns
From:	Ray <sixsigma44 AT HOTMAIL DOT COM>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Thu, 7 Oct 2004 20:23:50 -0400

Enable Hub Mode on SecureClient and Alow SecureClient to Route Traffic
Through the gatway on the gateway (or whatever the exact wording is). Hub
mode forces ALL SecureClient traffic down the VPN, even stuff not headed for
the encryption domain. In this case, this is precisely what you want because
the gateway knows how to route the traffic down the site-to-site VPNs.

The only drawback, and I don't consider it a drawback, is that you can't
reach local LAN resources where SecureClient is located when the tunnel is
up. For example, SecureClient is on a 192.168.1.0 network and you have a
wireless printer on that network. Hub Mode will force the traffic destined
for the wireless printer down the tunnel to the gateway, which will route it
to the Internet where it, of course, can't find your wierless printer. You
will only be ablke to use the wireless printer when not connected by
SecureCLient.

Ray

From: Brian Hope <bhope AT BENEFITVISION DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SecureClient VPN not able to traverse site to site vpns
Date: Thu, 7 Oct 2004 10:22:04 -0400

I connect my workstation via the SecureClient VPN. It connects, and I
can ping machines on the network behind the gateway. I have 1 internally
managed gateway and 2 externally managed gateways connected by site to
site vpns. How do I get my workstation (connected via SecureClient) to
be able to hit resources over the site to site vpn?

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar ? get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] SecureClient VPN not able to traverse site to site vpns, Brian Hope Re: [FW-1] SecureClient VPN not able to traverse site to site vpns, Ian Gilfillan Re: [FW-1] SecureClient VPN not able to traverse site to site vpns, Brian Hope Re: [FW-1] SecureClient VPN not able to traverse site to site vpns, Ray <=

Previous by Date:	Re: [FW-1] Proxy ARP not working with manual NAT with Secure Plat form NG AI R55, Phil Wang
Next by Date:	Re: [FW-1] Smartview status "untrusted object", Jose Ramirez
Previous by Thread:	Re: [FW-1] SecureClient VPN not able to traverse site to site vpns, Brian Hope
Next by Thread:	Re: [FW-1] ClusterXL problem ! Help Help, GoddardM
Indexes:	[Date] [Thread] [Top] [All Lists]