Cisco Support Community
New Member

CheckPoint FW @ 3005 IPSec


I've read all (all I could find) the documentation regarding connecting a CheckPoint FW to a 3005 Concentrator, and had one question that was not in the docs.

I want to initiate a connection from the CP to the 3005, and want to single out a particular IP address. All other traffic should not go over the IPSec tunnel.

Any suggested reading? Tips?


Cisco Employee

Re: CheckPoint FW @ 3005 IPSec

Are you saying you want to just allow one device behind the CP to go over the tunnel? If so, then just include that host (rather than the whole network) in your crypto ACLs/lists.

Or are you saying that you only want the tunnel to be able to be initiated from behind the CP from that one client? That's a bit more difficult, in fact I'm not really sure how you'd do that. If only traffic to that one host behind the CP is going to be encrypted, is it important which device establishes the tunnel?

New Member

Re: CheckPoint FW @ 3005 IPSec

Actually, I want to allow ANY host on the CP side to connect to a single host on the PIX side. I think your reply is the ticket.

