I mainly work with Cisco ISRs for VPN and I am used to creating an ACL to define the subnets I want to participate in phase 2 for IPsec VPNs. I can have multiple VPNs, all with different phase 2 source subnets.
On our Check Point firewalls (R77.30) I can't see how to configure the same behaviour. All I seem to be able to do is create a group to define a VPN domain at gateway level which applies to all VPN connections. This means all my subnets are getting included in phase 2 for all VPNs.
It doesn't prevent the VPNs from getting established, but I am not comfortable with every VPN connection having all source subnets included in it.
Any idea how I can configure this in SmartDashboard to be more like the Cisco config?