Hi,
The encryption domain of the remote gateway only includes an internal
subnet, not the public address.
cheers
J
On 4/26/06, Reinhard Stich <r.stich AT internet-security DOT at> wrote:
>
> hi,
>
> looks like this "outside the scope"-IP is part of the remote
> gateway's encryption domain ...
>
> cheers
> reinhard
>
> At 03:31 26.04.2006, you wrote:
> >Hi,
> >
> >I have a VPN community connecting two offices. A rule has been created to
> >permit certain devices on both networks to communicate on a set of
> defined
> >protocols. When a computer outside the scope of this rule attempts to
> send
> >SMTP traffic to the external address of the other terminating device is
> >attempts to send it encrypted. The message 'Packet is dropped because
> there
> >is no valid SA' is generated in the Tracker. Is there a way to exclude
> all
> >hosts from sending data encrypted that isn't included in the encryption
> >rule? I resolved this by excluding SMTP from being encrypted in the VPN
> >community. Is this the only way to exclude the internal machines from
> being
> >able to access the remote VPN terminating devices external interface
> without
> >being routed through the VPN?
> >
> >Many thanks,
> >J
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-owner AT ts.checkpoint DOT com
> >=================================================
>
> --
> Reinhard Stich ASSIST R.Stich AT internet-security DOT at
> Internet Security AG, 1150 Wien, Johnstrasse 29
> Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
