Basically what you want to do is this:
HeadQuarters: Run Checkpoint NGx R60/R61 on Nokia IP1220.
Remote site: Since the remote site only has 20-25 users, you can easily get
away
with using Pix515E or ASA5510 and it will work just fine. I like Pix
solution at remote
site because it is so easy to configure and ruleset on the remote site is
unlikely to
change. NGx R60 on Nokia IP appliance makes sense at the HQ because you
always have lot of changes at the HQ so going with CP makes sense.
since your networks at HQ and remote sites will be communicating via IPSec
tunnel
in "tunnel mode" hostX at remote site can communicate with hostY at HQ and
vice
versa without issues.
As far as running Citrix over ADSL is another story. I tested it on a cable
modem
connection 5mbps down and 2mbps up and it is working just fine.
HTH
John Lindblom <jlindblom AT MICO DOT COM> wrote:
We are looking at opening a remote site with around 20-25 users in Mexico
so I'm looking at how we will connect that remote site. Only about 10 of
the users will actually be using the line to run thin client (Citrix)
sessions so I'm thinking a Site-to-Site VPN over DSL should be sufficient.
I have never setup a Site-to-Site VPN and have very little time to plan
this so I'm hoping I can get some feed back from the list members who are
working with StoS VPN's.
They only offer ADSL 4096/1024 is the fastest they offer, will this
mismatch in up and down speeds affect the VPN other than of course
performance?
If I don't do NATing and use different IP addresses at each end will I be
able to communicate with devices at each end as if it were a Point-to-Point
T1.
Anyone using a Checkpoint Safe@Office appliance for a small remote office
with a Site-to-Site VPN?
Thanks,
John
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
---------------------------------
All-new Yahoo! Mail - Fire up a more powerful email and get things done faster.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
