The encryption domain simply contains every network and host that could potentially be accessed through the VPN. It is possible to restrict which hosts are accessible via the security policy. Note that it may not be desirable for every host within the various networks to be accessible. The encryption domain for Site B should include these networks along with any translated IP addresses for hosts on this network. Likewise, Site B has the network 172.17.0.0/16 behind its gateway. The encryption domain for Site A should include these networks along with any translated IP addresses for hosts on these networks. Whether certificates or pre-shared secrets will be used Which hosts and/or networks will be accessible at the remote site (the partner's encryption domain) Which hosts and/or networks the remote site will be able to access through the VPN (your encryption domain) You need the following information when planning a VPN based in FireWall-1: As noted previously in the book, I treat .x as routable address space even though it is generally not considered routable per RFC1918.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |