Re: [FW-1] Hub and Spoke VPN
Put a pc with a bunch of routing statements behind the firewall and use it as your central router. At each spoke reference this pc as your gateway to the other spoke-nets and you should be ok.

Pete

----- Original Message -----
From: "JP" <[email protected]>
To: <[email protected]>
Sent: Thursday, January 31, 2002 2:06 AM
Subject: Re: [FW-1] Hub and Spoke VPN

> Are you using the router as the central termination point for all of the
> spoked VPN's? This is not an option for me at this time. I need to use a
> checkpoint as the central termination point. The problem I seem to be having
> is getting checkpoint to take the decrypted packet from the first tunnel and
> insert it into a second tunnel.
>
> -Jeff
>
> ----- Original Message -----
> From: "Peter Papadopoulos" <[email protected]>
> To: <[email protected]>
> Sent: Thursday, January 31, 2002 1:58 PM
> Subject: Re: [FW-1] Hub and Spoke VPN
>
> > Hub and spoke is the way to go, with a router at the hub to direct traffic
> > to all the spokes.
> > Traversing the fw twice to go from spoke to spoke could be considered bad,
> > but life is easy for admin.
> >
> > I am currently managing a 6 spoke wheel like this.
> >
> > Pete
> >
> > ----- Original Message -----
> > From: "JP" <[email protected]>
> > To: <[email protected]>
> > Sent: Wednesday, January 30, 2002 11:54 PM
> > Subject: Re: [FW-1] Hub and Spoke VPN
> >
> > > The rules will be different and there are multiple central management
> > > consoles. Any thoughts on accomplishing my original objective?
> > >
> > > -Jeff
> > >
> > > ----- Original Message -----
> > > From: "Don" <[email protected]>
> > > To: <[email protected]>
> > > Sent: Thursday, January 31, 2002 11:58 AM
> > > Subject: Re: [FW-1] Hub and Spoke VPN
> > >
> > > > > > Is there a reason you don't want to fully mesh them?
> > > > > Yes, the configuration does not scale well. If you have 20 sites setting up
> > > > > the VPNs fully meshed is much more complex and adding an additional site or
> > > > > removing one will be very time consuming. Using a hub and spoke model the
> > > > > configuration will be much quicker.
> > > > If the rules are the same for every VPN then you should be able to set up
> > > > groups to make this management far easier. Create a group for all of the
> > > > VPN Encryption domains and use this group to create the no-NAT rule, as
> > > > well as the service rules.
> > > >
> > > > Adding a new network from that point forward should be as simple as adding
> > > > it to the Encryption Domain Group (Which takes care of the rule and the
> > > > NAT), and adding the shared secret for IKE (Assuming you are using IKE)
> > > > which CheckPoint will propagate to all of the other firewalls (Assuming
> > > > you have an Enterprise Management Console).
> > > >
> > > > If you are not using IKE, are not using a central management console, or
> > > > do not have the same rules for all of the VPN's, then please ignore my
> > > > ravings.
> > > >
> > > > -Don
> > > >
> > > > > -Jeff Pecchio
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Don" <[email protected]>
> > > > > To: <[email protected]>
> > > > > Sent: Thursday, January 31, 2002 9:45 AM
> > > > > Subject: Re: [FW-1] Hub and Spoke VPN
> > > > >
> > > > > > > Does anyone have experience with a hub and spoke architecture for VPN's
> > > > > > > using 4.1. I have numerous sites that all need connectivity to each
> > > > > > > other and do not want to fully mesh them.
> > > > > > This is going to double the traffic on the hub and its Internet
> > > > > > connection.
> > > > > >
> > > > > > Is there a reason you don't want to fully mesh them?
> > > > > >
> > > > > > -Don
> > > > > >
> > > > > > =================================================
> > > > > > To set vacation, Out Of Office, or away messages,
> > > > > > send an email to [email protected]
> > > > > > in the BODY of the email add:
> > > > > > set fw-1-mailinglist nomail
> > > > > > =================================================
> > > > > > To unsubscribe from this mailing list,
> > > > > > please see the instructions at
> > > > > > http://www.checkpoint.com/services/mailing.html
> > > > > > =================================================
> > > > > > If you have any questions on how to change your
> > > > > > subscription options, email
> > > > > > [email protected]
> > > > > > =================================================