[VPN] multiple VPNs *through* checkpoint

Watson, Travis Travis.Watson at Honeywell.com
Tue Dec 10 14:36:36 EST 2002


Oops--Josh read it more carefully than me, Aaron.

The Many-to-1 would almost definitely kill it, yes.  

--Travis

-----Original Message-----
From: Joshua Vince [mailto:joshv at bcgsys.com]
Sent: Tuesday, December 10, 2002 11:29 AM
To: gclef at speakeasy.net; vpn at shmoo.com
Subject: RE: [VPN] multiple VPNs *through* checkpoint


I haven't tried this, but it probably won't work.  UDP 500 will pass
through many firewall implementations of many-one NAT, but IP Protocol
50 or 51 (ESP and AH) won't.  This is because there is no way to
port-map an IP Protocol.  It should work with a one-one NAT though.

Josh

-----Original Message-----
From: gclef at speakeasy.net [mailto:gclef at speakeasy.net] 
Sent: Monday, December 09, 2002 3:52 PM
To: vpn at shmoo.com
Subject: [VPN] multiple VPNs *through* checkpoint


So, I've got an interesting question: has anyone tried to pass multiple
IPSec VPNs through (i.e. not terminating at) a Checkpoint Firewall?
(especially one that's doing a many-one NAT)

I'm wondering how the firewall will handle the need for udp port 500
traffic (inbound through the firewall) to do the VPN keying.

Anyone try this yet?

Thanks.

Aaron
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
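
Added illustration, not part of the thread: a toy model of the NAT tables behind Josh's point. UDP 500 flows from several inside hosts can be told apart by rewriting the source port, ESP/AH carry no port field to key a many-to-one mapping on, and a one-to-one NAT only rewrites addresses. The class names, the addresses (RFC 1918 / RFC 5737 ranges) and the port pool are constructed for the example and do not describe Checkpoint's implementation.

```python
import itertools

UDP, ESP, AH = 17, 50, 51        # IANA IP protocol numbers
PORT_BASED = {6, UDP}            # TCP and UDP are the protocols with port fields

class ManyToOneNat:
    """Toy port-address translator: every inside host shares one public IP."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.by_inside = {}       # (proto, inside_ip, inside_port) -> public_port
        self.by_public_port = {}  # (proto, public_port) -> (inside_ip, inside_port)
        self._pool = itertools.count(20000)   # constructed public port pool

    def outbound(self, proto, inside_ip, inside_port=None):
        if proto not in PORT_BASED:
            return None           # ESP/AH: nothing to port-map, no mapping created
        key = (proto, inside_ip, inside_port)
        if key not in self.by_inside:
            port = next(self._pool)
            self.by_inside[key] = port
            self.by_public_port[(proto, port)] = (inside_ip, inside_port)
        return (self.public_ip, self.by_inside[key])

    def inbound(self, proto, public_port=None):
        # Replies are demultiplexed by the rewritten port; None means "drop".
        return self.by_public_port.get((proto, public_port))

class OneToOneNat:
    """Toy static NAT: each inside address owns its own public address."""
    def __init__(self, pairs):
        self.out = dict(pairs)
        self.back = {pub: inside for inside, pub in pairs.items()}

    def outbound(self, proto, inside_ip, inside_port=None):
        return (self.out[inside_ip], inside_port)   # address-only rewrite

    def inbound(self, proto, public_ip):
        return self.back.get(public_ip)             # works for any IP protocol

def demo():
    nat = ManyToOneNat("203.0.113.1")
    ike_a = nat.outbound(UDP, "10.0.0.5", 500)      # two inside VPN endpoints,
    ike_b = nat.outbound(UDP, "10.0.0.6", 500)      # both keying from UDP 500
    esp = nat.outbound(ESP, "10.0.0.5")             # no port, so no mapping
    static = OneToOneNat({"10.0.0.5": "203.0.113.5", "10.0.0.6": "203.0.113.6"})
    return ike_a, ike_b, esp, static.outbound(ESP, "10.0.0.5")

if __name__ == "__main__":
    print(demo())
```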