[VPN] multiple VPNs *through* checkpoint

Joshua Vince joshv at bcgsys.com
Tue Dec 10 13:29:19 EST 2002


I haven't tried this, but it probably won't work.  UDP 500 will pass
through many firewall implementations of many-one NAT, but IP Protocol
50 or 51 (ESP and AH) won't.  This is because there is no way to
port-map an IP Protocol.  It should work with a one-one NAT though.

Josh

-----Original Message-----
From: gclef at speakeasy.net [mailto:gclef at speakeasy.net] 
Sent: Monday, December 09, 2002 3:52 PM
To: vpn at shmoo.com
Subject: [VPN] multiple VPNs *through* checkpoint


So, I've got an interesting question: has anyone tried to pass multiple
IPSec VPNs through (i.e. not terminating at) a Checkpoint Firewall?
(especially one that's doing a many-one NAT)

I'm wondering how the firewall will handle the need for udp port 500
traffic (inbound through the firewall) to do the VPN keying.

Anyone try this yet?

Thanks.

Aaron
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
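
Added example (not part of the original thread, and not Check Point's logic): a toy Python model of a many-to-one NAT table showing why UDP 500 replies can be mapped back to the right inside host while ESP (IP protocol 50) replies cannot once two inside hosts talk to the same peer. The class, its method names, the addresses and the assumption that the NAT rewrites the IKE source port are all constructed for illustration.

```python
# Toy model of many-to-one NAT (NAPT); constructed example, all names hypothetical.
UDP, ESP = 17, 50                     # IP protocol numbers

class ManyToOneNat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_port = {}     # (proto, public_port) -> (inside_ip, inside_port)
        self.by_flow = {}     # (proto, inside_ip, inside_port) -> public_port
        self.portless = {}    # (proto, peer_ip) -> inside IPs seen sending to peer

    def outbound(self, proto, src_ip, dst_ip, sport=None):
        """Translate an inside packet; return (public_ip, public_port or None)."""
        if sport is None:     # ESP/AH carry no port field the NAT could rewrite
            self.portless.setdefault((proto, dst_ip), set()).add(src_ip)
            return (self.public_ip, None)
        key = (proto, src_ip, sport)
        if key not in self.by_flow:
            self.by_flow[key] = self.next_port
            self.by_port[(proto, self.next_port)] = (src_ip, sport)
            self.next_port += 1
        return (self.public_ip, self.by_flow[key])

    def inbound(self, proto, peer_ip, dport=None):
        """Return the inside (ip, port) for a reply, or None if undecidable."""
        if dport is not None:
            return self.by_port.get((proto, dport))
        hosts = self.portless.get((proto, peer_ip), set())
        if len(hosts) == 1:   # only one candidate: behaves like one-to-one NAT
            return (next(iter(hosts)), None)
        return None           # several inside hosts share the peer: ambiguous

def demo():
    nat = ManyToOneNat("203.0.113.1")            # constructed addresses
    peer, a, b = "198.51.100.7", "10.0.0.11", "10.0.0.12"
    # IKE: both clients send from UDP 500; each gets its own public port.
    _, port_a = nat.outbound(UDP, a, peer, 500)
    _, port_b = nat.outbound(UDP, b, peer, 500)
    ike = (nat.inbound(UDP, peer, port_a), nat.inbound(UDP, peer, port_b))
    nat.outbound(ESP, a, peer)
    esp_one_client = nat.inbound(ESP, peer)      # unambiguous
    nat.outbound(ESP, b, peer)
    esp_two_clients = nat.inbound(ESP, peer)     # cannot be demultiplexed
    return ike, esp_one_client, esp_two_clients

if __name__ == "__main__":
    print(demo())
```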


