Hi...
U can create a rule above the one already created, with services that should go
unencrypted.
Cheers....
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Jubei
Trippataka
Sent: Wednesday, April 26, 2006 7:02 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] VPN community exclusions
Hi,
I have a VPN community connecting two offices. A rule has been created to
permit certain devices on both networks to communicate on a set of defined
protocols. When a computer outside the scope of this rule attempts to send
SMTP traffic to the external address of the other terminating device is
attempts to send it encrypted. The message 'Packet is dropped because there
is no valid SA' is generated in the Tracker. Is there a way to exclude all
hosts from sending data encrypted that isn't included in the encryption
rule? I resolved this by excluding SMTP from being encrypted in the VPN
community. Is this the only way to exclude the internal machines from being
able to access the remote VPN terminating devices external interface without
being routed through the VPN?
Many thanks,
J
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not the
intended recipient, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately and destroy all copies of this message and
any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
www.wipro.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
