Hi,
I have a VPN community connecting two offices. A rule has been created to
permit certain devices on both networks to communicate on a set of defined
protocols. When a computer outside the scope of this rule attempts to send
SMTP traffic to the external address of the other terminating device, it
attempts to send it encrypted. The message 'Packet is dropped because there
is no valid SA' is generated in the Tracker. Is there a way to exclude all
hosts from sending data encrypted that isn't included in the encryption
rule? I resolved this by excluding SMTP from being encrypted in the VPN
community. Is this the only way to exclude the internal machines from being
able to access the remote VPN terminating device's external interface without
being routed through the VPN?
Many thanks,
J