
RE: [FW1] VPN Endpoints




One end of the tunnel will be a FW-1.  It's on a static address.  The other
end is going to be a home user, connecting up via Cable Modem, using a
Sonic Wall.

-----Original Message-----
From: Jerald Josephs [mailto:jjosephs@pacbell.net]
Sent: Thursday, March 16, 2000 12:02 AM
To: Thomas.Poole@gecits.ge.com; fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] VPN Endpoints



Perhaps you are assuming that the VPN endpoint is a FireWall-1 platform.
It may not be.
It could be an IKE-compatible dialup device protecting a single-office or
home which needs to establish a VPN.

As long as two VPN endpoints have the same pre-shared secret or use
certificates that are addressable, then one could craft a security policy
which would accept IKE from any source in order to do a key exchange and then
choose to do Authentication of particular services, adding Encryption to
the Auth properties under the Action field of the rule.

Static IP addresses are not required with an IKE negotiated VPN.

--- Jerald Josephs


----- Original Message -----
From: <Thomas.Poole@gecits.ge.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Wednesday, March 15, 2000 7:28 PM
Subject: RE: [FW1] VPN Endpoints


>
> With that said, why would you use Dynamic addressing for a FW-1 object?
> Let's not even bring up the licensing issues.
>
> Thomas
>
> -----Original Message-----
> From: Neil Ratzlaff [mailto:neil.ratzlaff@ucop.edu]
> Sent: Wednesday, March 15, 2000 3:09 PM
> To: Bunn, Kent; FW-1 mailing list (E-mail)
> Subject: Re: [FW1] VPN Endpoints
>
>
>
> I know of no reason that a VPN has to have static IP addresses at either
> end.  The catch is that you need to know both end addresses (static or not)
> before the tunnel is created - at least I don't think you can change it on
> the fly.
> Neil
>
>
> At 02:41 PM 3/15/00 -0800, Bunn, Kent wrote:
> >I'm quite certain that the endpoint of a VPN HAS to be at a static address.
> >Is this correct, or is there some way to set up one endpoint at a dynamic
> >address?
> >
> >
>
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================