I can't imagine this is the first time something like this has arisen, so it might be worthwhile to have your Check Point SE (not TAC) check with the Solutions Center to see if they have some existing special code that can accomplish this. There may well be some kind of secret *.def file hack that enables the Check Point to negotiate ports and protocols along with the subnets for a certain peer, but I'm not aware of it. The Cisco side will need to accept all ports and protocols for the subnets in the "interesting traffic" ACL associated with the VPN tunnel, but then explicitly specify what is allowed into the network after decryption in a separate ACL. I don't believe this level of granularity is possible as the Check Point negotiates what will be legal in IKE Phase 2 as subnets with all ports and protocols allowed.
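The two-ACL arrangement described in the reply above, written out as an added example (not configuration from the original post or from either vendor's documentation). It assumes a Cisco IOS router as the Cisco peer; the subnets 10.1.0.0/16 (local) and 192.168.50.0/24 (remote Check Point side), the peer address 203.0.113.10, the hosts 10.1.10.20 and 10.1.10.5, and all ACL, transform-set and crypto-map names are made up for illustration. The first ACL is the Phase 2 proxy identity and matches the subnet-to-subnet, all-protocols selector the Check Point will propose; the second ACL is applied to the clear-text packets after decryption with `set ip access-group ... in` under the crypto map entry, so the port and protocol restriction never enters the IKE negotiation.

```cisco
! Phase 2 "interesting traffic" ACL: subnet to subnet, all IP protocols and ports.
! This must match what the Check Point proposes, otherwise Quick Mode fails.
ip access-list extended VPN-INTERESTING
 permit ip 10.1.0.0 0.0.255.255 192.168.50.0 0.0.0.255

! Post-decryption filter: what the remote site is actually allowed to reach.
! Source/destination are written from the remote site's point of view because
! the ACL is evaluated on decrypted packets arriving from the tunnel.
ip access-list extended VPN-CLEARTEXT-IN
 permit tcp 192.168.50.0 0.0.0.255 host 10.1.10.20 eq 443
 permit udp 192.168.50.0 0.0.0.255 host 10.1.10.5 eq 53
 permit icmp 192.168.50.0 0.0.0.255 10.1.0.0 0.0.255.255 echo
 deny ip any any log

! IKE Phase 1 (parameters assumed; they are not in the original post)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-PSK address 203.0.113.10

crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel

crypto map CM-VPN 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-AES256-SHA256
 set pfs group14
 ! Phase 2 selector: broad, so it agrees with the Check Point's subnet-only proposal
 match address VPN-INTERESTING
 ! Clear-text access check: narrow, applied only to packets decrypted by this SA
 set ip access-group VPN-CLEARTEXT-IN in

interface GigabitEthernet0/0
 crypto map CM-VPN
```

The separation matters because a crypto ACL with port or protocol qualifiers would become part of the Phase 2 proposal and mismatch the subnet-only identities the Check Point sends, whereas `VPN-CLEARTEXT-IN` is purely a local policy decision. On an ASA the same split is done differently: the crypto map ACL stays subnet-to-subnet, and the post-decryption restriction goes in a `vpn-filter` ACL on the group policy (or, with `no sysopt connection permit-vpn`, in the interface ACL), noting that `vpn-filter` entries are written with the remote network as the source and the local network as the destination.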