Thanks to everyone for their replies. I think we will just go ahead and
give the General Tab the external IP.
Jeremy Lieb CCSE-NG CCSE+NG
Firewall Administrator
Open Text Corporation
100 Tri-State Int'l Pkwy
Third Floor
Lincolnshire, IL 60069
18472679330 ext 4395
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of No Name Available
Sent: Thursday, July 20, 2006 11:14 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] site to site vpn one firewall has an internal ip
address in the General screen of firewall object
Our system is/was working fine with the internal IP in the general tab.
Before NGX R60 I think it was because of the topology setup, the
firewall knows which interface is external and which interface has the
encryption domain.
After R60 there is the "Link Selection" menu in the gateway properties
under "VPN". Here you can choose the IP address which the VPN link
should use. I forgot which selection was default, but we have "Selected
address from topology table" checked and the external IP is selected.
If "Main address" (which is the address in the general tab) is checked,
and if it is the internal IP, that would be a problem.
Yuriko Chapman
PARC
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of
> Jeremy Lieb
> Sent: Wednesday, July 19, 2006 7:20 AM
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] site to site vpn one firewall has an internal ip
> address in the General screen of firewall object
>
> Good morning list. My question is, is it possible to set up a site to
> site VPN where on one end of the tunnel the firewall's general tab has
> an internal IP? The firewall that is set up in this fashion does in
> fact have an external interface, licensing, and the ability to do
> VPNs. It was just set up with an internal IP because it was not going
> to be necessary initially to do site to site VPNs. Would it be easier
> to simply change the address of the firewall to an external IP, or
> could some NAT magic make this work? The firewall with the internal IP
> in General is R55 running on Linux 3.0. The other side of the tunnel
> is R60 HFA3 running on Linux 3.0.
>
> Any answers would be appreciated.
>
> Jeremy Lieb CCSE-NG CCSE+NG
> Firewall Administrator
> Open Text Corporation
> 100 Tri-State Int'l Pkwy
> Third Floor
> Lincolnshire, IL 60069
> 18472679330 ext 4395
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages, send an email to
> LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your subscription options,
> email fw-1-owner AT ts.checkpoint DOT com
> =================================================
>