On 8/23/05, cisco4ng <cisco4ng AT yahoo DOT com> wrote:
> The firewall has a default gateway and the default gateway will take care of
> that. You don't need to add any static routes unless you are terminating VPN
> on interfaces that do not use the default gateway.
Let's say that the firewall isn't the default gateway. Will the Nokia
advertise the route for a network on the other end of a VPN tunnel
using Checkpoint? If I can remember right, FP3 didn't do this as
Checkpoint didn't pass routing information down to IPSO. Does anybody
know?
>
> Questions 2 and 3 are not relevant unless you're talking GRE/IPSec. Cisco IOS
> supports tunneling GRE inside an IPSec tunnel. I think Nokia can do the same
> thing. In case of tunneling GRE inside IPSec tunnel, then the routes will go
> away
> if the VPN goes down, which makes sense because the IPSec tunnel is used to
> transport/encrypt GRE.
Now, if the question above is a YES, then Q2 and Q3 become relevant.
BTW, I am not talking GRE/IPSec.
>
> HTH
>
> Chris Lyon <cslyon AT GMAIL DOT COM> wrote:
> A few questions around Checkpoint NG or NGX on Nokia -
>
> 1) If you configure a VPN for a remote location, to another Checkpoint
> or Juniper or Cisco as the other end, does CP enter one or more routes
> representing the remote site address space into the Nokia OS?
> 2) If not, how does the Firewall know where to route the packets?
> 3) If the VPN goes down do the routes then go away?
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
