Is this option possible or should it be done a different way? I don’t know how I can send traffic across as I would need to add the site B remote encryption network into the CheckPoint local encryption domain. Any suggestions or thoughts would be appreciated.

I think this is due to the pre-NAT destination IP - 192.168.0.10 being defined in the CheckPoint local VPN encryption domain. The packet is Accepted but not Encrypted so doesn’t traverse the site B VPN.

A secure remote access solution promotes collaboration by connecting global virtual teams at headquarters, branch offices, remote locations, or mobile users on the go.

The packet from site A will decrypt on the CheckPoint, apply the source / dest NAT and hit the firewall rule configured to allow traffic to the site B VPN tunnel.

Remote Access VPN ensures that the connections between corporate networks and remote and mobile devices are secure and can be accessed virtually anywhere users are located.

I have tested creating the below NAT rule: (Disable NAT inside the VPN community is unchecked in both communities)

Note1: This applies to IOS-Routers with IOS 12.4+. This document shows which Access-List-Entries (ACEs) are needed to allow IPSec-Traffic into the router.

Remote Encryption Domain Site B: 192.168.4.0/24

Every Router connected to the Internet should be protected with an Access-Control-List (ACL) that filters the traffic that is sent to the router.

Remote Encryption Domain Site A: 192.168.2.0/24