Re: [FW-1] Hub and Spoke VPN
The rules will be different and there are multiple central management consoles. Any thoughts on accomplishing my original objective?

-Jeff

----- Original Message -----
From: "Don" <[email protected]>
To: <[email protected]>
Sent: Thursday, January 31, 2002 11:58 AM
Subject: Re: [FW-1] Hub and Spoke VPN

> > > Is there a reason you don't want to fully mesh them?
> > Yes, the configuration does not scale well. If you have 20 sites setting up
> > the VPNs fully meshed is much more complex and adding an additional site or
> > removing one will be very time consuming. Using a hub and spoke model the
> > configuration will be much quicker.
> If the rules are the same for every VPN then you should be able to set up
> groups to make this management far easier. Create a group for all of the
> VPN Encryption domains and use this group to create the no-NAT rule, as
> well as the service rules.
>
> Adding a new network from that point forward should be as simple as adding
> it to the Encryption Domain Group (Which takes care of the rule and the
> NAT), and adding the shared secret for IKE (Assuming you are using IKE)
> which CheckPoint will propagate to all of the other firewalls (Assuming
> you have an Enterprise Management Console).
>
> If you are not using IKE, are not using a central management console, or
> do not have the same rules for all of the VPNs, then please ignore my
> ravings.
>
> -Don
>
> > -Jeff Pecchio
> >
> > ----- Original Message -----
> > From: "Don" <[email protected]>
> > To: <[email protected]>
> > Sent: Thursday, January 31, 2002 9:45 AM
> > Subject: Re: [FW-1] Hub and Spoke VPN
> >
> >
> > > > Does anyone have experience with a hub and spoke architecture for VPNs
> > > > using 4.1. I have numerous sites that all need connectivity to each
> > > > other and do not want to fully mesh them.
> > > This is going to double the traffic on the hub and its Internet
> > > connection.
> > >
> > > Is there a reason you don't want to fully mesh them?
> > >
> > > -Don
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================