[FW1] Separated Internet gateways for different LANs
Hello guys.
Here is the situation:
- private backbone (500+ LANs), all illegal addresses, geographically large
(200 miles/300 km) on Newbridge
- approximately star topology
- some organizations involved have their own internet gateway; unfortunately,
they may reside on the same first router as some other organization which shall
use a different internet gateway (and has its own ethernet port on the router)
- inside the backbone there are several services that are not published via
internet and should be accessible only via illegal addresses, so we can't
publish them using NAT through FW.
- every organization which has its own internet GW has a FW and DMZ on it; some
DMZs are illegally and some legally IP-numbered. It is possible ($$$) to put a
proxy on every DMZ.
In human readable form:
On router ABC, LAN A has to use internet gateway mainA, LAN B has to use
internet gateway mainB; mainA and mainB are accessible through the same WAN
interface and possibly 100 km away. In some situations LANs A and B may see
each other, in some they may not.
My guess is to make default routing to the organization's proxy; I cannot see an
easy solution without it. VPNs and encryption are not acceptable. Routers are
Cisco 2xxx, 4xxx, SW is 11.2(x) on average.
Please suggest!