Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

8600 and Checkpoint VPN/Firewall

Status
Not open for further replies.
pat2006

pat2006

Technical User
Jun 23, 2006
30
TT
Hi all.

Here's an interesting one.

I have 2 8600 (Rel. 4.1) connected through a Checkpoint VPN/Firewall (implemented on 2 PCs). The set up is like this.....
LAN1 -> 8600 -> Checkpoint PC -----> Checkpoint PC -> 8600 -> LAN2.

The link is a broadband connection provided by a service provider.

The problem is that we cannot get the system to work properly and we suspect that it is a routing issue. For some reason RIP cannot go through the VPN/Firewall as is.

Checkpoint support says that we need to do IP encapsulation for packets like RIP. They mentioned a GRE tunnel, but this is a CISCO concept.

Does the 8600 have an equivalent to CISCO's GRE tunnel to do the IP encapsulation they spoke of?

Thanks.
 
Sort by date Sort by votes
Hi,

your issue is that VPN`s dont support Multicast / broadcast packets, Ripv1 uses broadcasts, RipV2 uses multicast, either way your buggered.

Cisco supports GRE tunnels, so you could GRE Tunnel over your VPN, with the routing protocols ( broadcast / Multicast ) encapsulated in a gre tunnel ( unicast ) the VPN can support it.

Cannot you use static Routes? or switch to a protocol such as OSPF which has the capability to use unicast, not sure how big your network is and how much of a task this would be.

Alternativly you could get a couple of cheap 2612 routers ( picked up cheaply ) and creat your GRE Tunnel on those....



LEEroy
MCNE6,CCNP,CWNA,CCSA,Project+
 
Upvote 0 Downvote
Is it that the 8600 cannot perform some form of IP encapsulation, like a GRE tunnel?

Static routes... maybe. OSPF... nope!
 
Upvote 0 Downvote
I'm unaware of any GRE-like tunnel capabilities on the 8600 platform.

I've never tried it, but could something like an OSPF virtual link solve your problem?

Otherwise leedsit's idea of using inexpensive Cisco boxes to create a GRE tunnel isn't a bad one, you'd have to think about the additional hardware to maintain versus the hassle of static routes.
 
Upvote 0 Downvote
I did some checking and found out that the 866? service delivery module supports GRE.

This module has a Checkpoint Firewall and other goodies built in.

I really don't know much about OSPF, hence my hesitation to use it.

I'll just have to look at the other options.

Thanks.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

UnderTheBusAsUsual
  • Question
Avaya IPO with OneCom and Gamma SIP trunks
Replies
1
Views
310
Firebird Scrambler
Firebird Scrambler
Michel$
  • Question
hi guys, After upgrading System Manager Communication Manager and Session Manager versions 8.1 to 10.2 SIP device phones display the error message "n
Replies
0
Views
241
Michel$
Michel$
halj
  • Locked
  • Question
VPN phones - IKE version 2
Replies
1
Views
82
halj
halj
miky2019
  • Locked
  • Question
Equinox client request extension and password while using auto configuration
Replies
0
Views
74
miky2019
miky2019
msbutton
  • Locked
  • Question
ERS 8600 TMUX Parity Question
Replies
1
Views
70
andy88
andy88

Part and Inventory Search

Sponsor

Back
Top