In many vendors this is implemented in completely different ways. As stated earlier, there is some behavior differences in Check Point’s implementation of these that make it a little more difficult to understand / work with. Per VPN101, encryption domains are the local and remote networks, which are negotiated as part of the IKE Phase 2 negotiations, in order to “better” secure the use of the VPN tunnel to permit only those networks, and (in Check Point’s case) as a routing mechanism. VPN Domain is also known as encryption domain, proxy-ID, and cryptomaps (some received IKE messages may simply refer to them as “ID information”). This FAQ’s purpose is to attempt to clarify this behavior and be a consolidated resource for Check Point’s VPN domain information. Not to mention general confusing nature of their VPN domain implementation. Complex default behaviors and non-industry-standard implementation of encryption domains causes a lot of issues with interoperable VPN (VPNs with different vendors).
0 Comments
Leave a Reply. |