Can I setup a VPN this way?
Stephen Hope
shope at ENERGIS-EIS.CO.UK
Wed Feb 14 06:02:27 EST 2001
The short answer is "it depends".

If the WAN connections are between routers (typical case), then what you
have is a "cloud" with 3 firewall / VPN boxes attached to it. The logical
and physical topologies in the cloud are separated, and you can define the
tunnels any way you want between the VPN boxes.

It is common practice to have VPN and firewall kit with Ethernet - Ethernet
connections, so you would need separate WAN hardware (routers).

If you are using serial interfaces on the Checkpoint stuff (I have only ever
seen this mentioned on the Nokia Checkpoint hardware, and it seems pretty
rare in that environment) and have a combined firewall / VPN system then
life gets more complicated - you will probably need to define some rules to
pass the traffic "through" at the central site.

Since it sounds like a private network, you should be able to avoid
NAT...

If all you have is Checkpoint VPN, no firewall, then I don't have an answer
for you (I have always ended up with the firewalls, so I don't have the
info).

Stephen
Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776 4189

> -----Original Message-----
> From: Ivan Fox [mailto:ifox100 at HOTMAIL.COM]
> Sent: 14 February 2001 00:30
> To: VPN at SECURITYFOCUS.COM
> Subject: Can I setup a VPN this way?
>
>
> There are 3 sites in serial, i.e., A -> B -> C. Each site has a Check Point
> VPN-1. They are connected using leased E1 lines.
>
> Can a VPN start at site A and terminate at site C? Each site has its own
> network id!
>
> Any comments are appreciated.
>
> By the way, can a VLAN (layer 3) also provide "security"?
>
> Any pointers/comments are welcome.
>
> Ivan
>
> VPN is sponsored by SecurityFocus.COM
>