
[FW-1] Another VPN and NAT question

Subject: [FW-1] Another VPN and NAT question
From: Sascha Picchiantano <sascha AT PICCHIANTANO DOT DE>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sun, 15 Apr 2007 17:36:08 +0200
Hi,

Closely related to the other question I asked a couple of days ago, I was just thinking about how to configure a site-to-site VPN if the remote peer uses IP addresses that I already use in another VPN. I guess I could just NAT his address range to whatever I like and can work with, but what I can't figure out is what I would put into the encryption domain of the remote end's gateway object. His original addresses or the NAT addresses I defined?

I figure that if I use the original addresses, it might not work because I already have these addresses in another encryption domain and VPN-1 could not decide which VPN to use...? But if I use the NAT addresses, wouldn't I see tons of "no valid SA" entries in my log because within the VPN tunnel the IP addresses are different than those in the enc domain...?

Confusing. Hope my thoughts make sense to you and you can give me some enlightenment :)

Cheers
Sascha
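The two worries in the question (overlapping encryption domains making the tunnel choice ambiguous, and a domain that does not match the addresses actually carried inside the tunnel) can be reproduced with a small model of generic IPsec policy matching. The code below is an added example; it is not from the original post and is not Check Point's implementation. It models a gateway that picks a peer by checking the destination against each peer's encryption domain, and checks a decrypted packet's inner source against the sending peer's domain. The site names, the 10.1.0.0/24 and 192.168.100.0/24 ranges and the one-to-one NAT rule are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Peer:
    """A remote VPN gateway object and the encryption domain configured for it."""
    name: str
    domain: tuple[IPv4Network, ...]

    def covers(self, addr: IPv4Address) -> bool:
        return any(addr in net for net in self.domain)


@dataclass(frozen=True)
class StaticNat:
    """One-to-one NAT between two equal-sized networks (constructed for the example)."""
    original: IPv4Network
    translated: IPv4Network

    def __post_init__(self) -> None:
        if self.original.prefixlen != self.translated.prefixlen:
            raise ValueError("static NAT needs equal-sized networks")

    def translate(self, addr: IPv4Address) -> IPv4Address:
        if addr not in self.original:
            return addr
        offset = int(addr) - int(self.original.network_address)
        return IPv4Address(int(self.translated.network_address) + offset)


class Gateway:
    """Local VPN gateway: picks the tunnel by encryption domain, checks inbound selectors."""

    def __init__(self, peers: list[Peer]) -> None:
        self.peers = {p.name: p for p in peers}

    def matching_peers(self, dst: IPv4Address) -> list[str]:
        return [name for name, p in self.peers.items() if p.covers(dst)]

    def outbound(self, dst: IPv4Address) -> str:
        """Which tunnel an outbound packet to dst enters; more than one match is an error."""
        hits = self.matching_peers(dst)
        if not hits:
            return "clear"  # in no encryption domain: handled by the plain rulebase, not a tunnel
        if len(hits) > 1:
            return "ambiguous:" + ",".join(hits)
        return hits[0]

    def inbound(self, peer_name: str, inner_src: IPv4Address) -> str:
        """Decrypted packet from peer: the inner source must lie in that peer's domain."""
        if self.peers[peer_name].covers(inner_src):
            return "accepted"
        return "selector-mismatch"  # the condition the post's "no valid SA" entries describe


def remote_inner_src(src: IPv4Address, nat: StaticNat, nat_before_encrypt: bool) -> IPv4Address:
    """Source address the remote side places inside the tunnel.

    If the remote gateway translates before the packet reaches its IPsec policy, the
    translated address is what the inner header (and so the selector check) carries;
    otherwise the original address travels inside the tunnel.
    """
    return nat.translate(src) if nat_before_encrypt else src


def scenario() -> dict[str, str]:
    shared = ip_network("10.1.0.0/24")          # constructed: used by both remote sites
    nat_range = ip_network("192.168.100.0/24")  # constructed: how we will address site B's hosts
    host_b = ip_address("10.1.0.5")

    # 1. Both remote gateway objects list 10.1.0.0/24: the tunnel choice is undefined.
    clash = Gateway([Peer("site-A", (shared,)), Peer("site-B", (shared,))])

    # 2. Site B's gateway object gets the NAT range instead of the original range.
    fixed = Gateway([Peer("site-A", (shared,)), Peer("site-B", (nat_range,))])

    nat_b = StaticNat(shared, nat_range)
    return {
        "overlap": clash.outbound(host_b),
        "to_site_a": fixed.outbound(host_b),
        "to_site_b": fixed.outbound(nat_b.translate(host_b)),
        # 3. What the inbound check sees depends on where site B applies the NAT.
        "from_b_nat_before": fixed.inbound("site-B", remote_inner_src(host_b, nat_b, True)),
        "from_b_nat_after": fixed.inbound("site-B", remote_inner_src(host_b, nat_b, False)),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:20s} {value}")
```

Running `scenario()` shows the three states: with both domains set to 10.1.0.0/24 the lookup for 10.1.0.5 is ambiguous; with site B's domain set to the NAT range, 10.1.0.5 goes to site A and 192.168.100.5 goes to site B; and a packet decrypted from site B is only accepted when its inner source is already the translated address, which means the translation has to happen before the packet reaches the IPsec policy on the side that performs it. In other words, the domain must list whatever addresses actually appear inside the tunnel, and the NAT ordering decides which those are.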

