
RE: [FW1] IP pools



I have a strong hunch:

After enabling IP Pool NAT, you must ARP the addresses used in your IP pool
to your internal interface.  For example, I'm running FW1 on NT, so I have
about 25 entries in my local.arp file - a few for inbound static NATs, and
the rest for the addresses used in my IP NAT pool, using the MAC address of
the internal interface of the firewall.

I bet that'll do the trick.  If not, post again.  Good luck!

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders




-----Original Message-----
From: MIS [mailto:[email protected]]
Sent: Thursday, September 21, 2000 12:09 PM
To: FW1 mailinglist
Subject: RE: [FW1] IP pools



Using IP pool for Secure Remote connection also confused me here.

I am using 10.x.x.x for my internal network.
Every time I turn on IP pool NAT, my Secure Remote connection does not
work; if I turn it off, it works.

Can anybody explain why?

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Jason Witty
Sent: Thursday, September 21, 2000 10:45 AM
To: [email protected]
Cc: [email protected]
Subject: Re: [FW1] IP pools



I can't really point you to any docs, other than the 4.1 VPN manuals,
but basically, there are several reasons for using that feature.  Most
of the reasons deal with routing.  For example, let's say your company
has multiple Internet connections, in multiple locations, with a shared
internal WAN between the locations.  If a VPN user came into the network
via location1's firewall, and you did NOT do an internal NAT pool, when
they tried to access resources in location 2's network, the return
packets would go out through location 2's firewall.  Since that firewall
wouldn't have known about the traffic, it would then be dropped, and
hence the VPN would not fully work.  Whew... Did that make any sense?  If
not, let me know and I'll clarify, but the basic idea is that you assign
your VPN users a 10-dot (or whatever) tunnel address so that your route
back can take a specific route and NOT a default route....  Hope this
helps.

Jason

[email protected] wrote:
>
> Can someone please point me to a resource which explains exactly what IP
> Pools are needed for. I know I have to use them if I am trying to do
> VPN/Securemote stuff between two sites which are both using say a 10.x.x.x
> network and NAT'ing. But I am not clear why? I have read the CP
> documentation.
> Thanx
> Paul
> --------------------------------------------------------------------------------------------
>
> C. Paul Simons
> Corporate Network Services
> IHS Energy Group, Englewood, CO.
>
> Main:> Direct:> Fax:> Mobile:>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

