CheckPoint FW @ 3005 IPSec

mkoponick
Level 1

Hello,

I've read all (all I could find) the documentation regarding connecting a CheckPoint FW to a 3005 Concentrator, and had one question that was not in the docs.

I want to initiate a connection from the CP to the 3005 and single out a particular IP address. All other traffic should not go over the IPSec tunnel.

Any suggested reading? Tips?

Thanks!

2 Replies

gfullage
Cisco Employee

Are you saying you want to just allow one device behind the CP to go over the tunnel? If so, then just include that host (rather than the whole network) in your crypto ACLs/lists.

Or are you saying that you only want the tunnel to be able to be initiated from behind the CP from that one client? That's a bit more difficult, in fact I'm not really sure how you'd do that. If only traffic to that one host behind the CP is going to be encrypted, is it important which device establishes the tunnel?

Actually, I want to allow ANY host on the CP side to connect to a single host on the PIX side. I think your reply is the ticket.

Thanks!