[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Hub and Spoke VPN
> put a pc with a bunch of routing statements behind the firewall and use it > as your central router. at each spoke reference this pc as your gateway > to the other spoke-nets and you should be ok. This PC is going to receive traffic from a remote network from the firewall. It is then going to attempt to route it back through the firewall. This should result in an ICMP redirect to the firewall that tells it that it is in fact the next hop. More likely, the firewall will have to have routes to the other networks and it will attempt to forward the traffic before it ever gets to the internal PC. CheckPoint will decrypt the packet, attempt to route it and never re-encrypt it. Finally, with routing you are only supposed to specify the next hop. You can not tell a system that the path to XYZ network is through that router over there (Three hops away). -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|