Archive for the ‘VPN’ Category
For NGX:
In $FWDIR/conf, edit user.def.NGX_R60 on the SmartCenter or on the relevant CMA on the Provider-1:
#define NON_VPN_TRAFFIC_RULES (src=1.1.1.1 or src=2.2.2.2, dst=1.1.1.1 or dst=2.2.2.2)
Install the policy
Clear SAs
Enjoy
On the MDS / Smartcenter Server
# mdsenv CMAXXX (if you have Provider-1)
# vpn overlap_encdom
It won't show the firewalls' interface IP addresses that are implicitly part of the VPN domain.
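Because of the caveat above, an overlap review can be repeated offline with the interface addresses included. The following is an added example, not Check Point code and not from the original post: it treats each gateway's interface IPs as /32 members of its domain and reports which overlaps involve them. The gateway names, networks and inventory layout are constructed assumptions.

```python
# Added example: overlap check between VPN encryption domains that also counts
# each gateway's own interface addresses (implicit domain members).
# All gateway names and addresses below are constructed sample data.
import ipaddress
from itertools import combinations

# Constructed inventory: explicit encryption domain plus interface IPs per gateway.
GATEWAYS = {
    "gw-paris": {
        "domain": ["10.1.0.0/16", "192.168.10.0/24"],
        "interfaces": ["10.1.0.1", "172.16.5.1"],
    },
    "gw-london": {
        "domain": ["10.2.0.0/16", "172.16.5.0/24"],
        "interfaces": ["10.2.0.1", "192.0.2.10"],
    },
    "gw-berlin": {
        "domain": ["10.1.128.0/17"],
        "interfaces": ["10.3.0.1"],
    },
}

def effective_domain(gw):
    """Explicit networks plus interface addresses as /32 entries, tagged by origin."""
    nets = [(ipaddress.ip_network(n), "explicit") for n in gw["domain"]]
    nets += [(ipaddress.ip_network(i), "interface") for i in gw["interfaces"]]
    return nets

def find_overlaps(gateways):
    """Return sorted (gw_a, net_a, origin_a, gw_b, net_b, origin_b) per overlap."""
    hits = []
    for (name_a, gw_a), (name_b, gw_b) in combinations(sorted(gateways.items()), 2):
        for net_a, origin_a in effective_domain(gw_a):
            for net_b, origin_b in effective_domain(gw_b):
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    hits.append((name_a, str(net_a), origin_a,
                                 name_b, str(net_b), origin_b))
    return sorted(hits)

def implicit_only(hits):
    """Overlaps involving an interface address: hidden from an explicit-only view."""
    return [h for h in hits if "interface" in (h[2], h[5])]

if __name__ == "__main__":
    for h in find_overlaps(GATEWAYS):
        print("%s %s (%s) overlaps %s %s (%s)" % h)
```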
If you need to hide/NAT your IP address for a site-to-site VPN, for instance because your current IP is not routable by the remote peer, you have to:
- uncheck "Disable NAT inside the Community"
- make sure the network or host objects you used are in your VPN domain