VPN Site-to-Site between Cisco PIX 501 and CheckPoint NG
I followed the instructions from a Cisco guide to connect a PIX 501 and a Checkpoint NG firewall. But I've got a problem:
The Checkpoint firewall manages 3 networks:
- x.x.x.x (Internal)
- y.y.y.y (Public but Firewalled)
- z.z.z.z (Public un-Firewalled)
When the tunnel is set, my remote site can access the x.x.x.x network, but it also loses the y.y.y.y network, where my public mail server is.
My question is:
As I have the 6.3 OS on the PIX box, do I have to force my remote site to use a specific route to access the y.y.y.y network? Or is there some specific setting that can allow me to redirect Internet traffic through a dedicated router?
Re: VPN Site-to-Site between Cisco PIX 501 and CheckPoint NG
Thank you for your answer first ;-)
So to summarize, the objective is to create a VPN tunnel between the remote internal network (10.0.0.0) and my internal network (192.168.100.0).
My problem is: when I set up the VPN tunnel between these two networks, my remote site cannot connect to the "Network 193 DMZ" and "Network 193 IN" anymore. These 2 networks contain several critical servers, like webmail or FTP. So they cannot be unavailable for the remote site.
As soon as I disable the VPN tunnel, the remote site is able to access the two networks again over the Internet, as it used to.
I suspect that either the Cisco PIX or the Checkpoint NG specifies that the 193 IN and 193 DMZ networks should be accessed by using the VPN tunnel instead of classical Internet access. Unfortunately, I tried to extend my Checkpoint firewall rules to include access for the remote internal network to the 193 DMZ and 193 IN, without success.
Is there a way to force access to these two networks outside of the VPN tunnel?