To follow up on my original post below. A mesh VPN is not possible
between 2 MEP members. Much testing was done with this and I just got
confirmation from CP that this is not possible.
-GS
________________________________
From: Gary Scott
Sent: Thursday, September 21, 2006 12:20 PM
To: 'Mailing list for discussion of Firewall-1'
Subject: MEP and mesh
Has anyone been successful getting MEP with mesh to work? When defining
a star VPN community you have the choice to MEP the center gateways as
well as mesh. When the center gateways are meshed and you have a failure
of one of the modules, access to that module's encryption domain fails;
the primary MEP module will try and send any traffic for the remote
domain to the MEP member through VPN routing. To get the mesh to work
you must use a MEP method that does not have any overlap between
encryption domains. I can find no documentation on doing a site-to-site
VPN between two MEP gateways. If this is not possible then why have the
ability to select both within a community? Any and all insight is
appreciated. Thanks, GS