
[FW1] VPN and NAT Question



> Hi
> 
> I have a problem with setting up a VPN and NAT.
> 
> Have two Firewall-1 VPNs 4.1 SP1, NT Servers. Each residing at separate
> offices. We have configured the VPN option on both and have successfully
> exchanged Certificates/Keys. 
> 
> Firewall A has three network cards in, one attached to the internet with a
> valid IP address and two with IP addresses for two subnets 192.168.1.0 and
> 192.168.2.0 (i.e. 1.254 and 2.254)
> 
> Firewall B has two network cards, one attached to the internet with a
> valid IP address and one with an IP address (192.168.3.254) for the subnet
> 192.168.3.0
> 
> We have two problems..
> 
> the first is that we cannot ping a server we have set up with NAT on our
> 3.0 network from the Internet, (even with all firewall rules relaxed i.e.
> allow everything) 
> If we ping the valid internet address of the server from the console on
> Firewall B, it resolves and replies.
> 
> The second, more important problem is..
> 
> how do I route encrypted traffic from Firewall A to Firewall B using the
> VPN - i.e. say my IP address is 192.168.1.200 on Firewall A and I want to
> speak to host 192.168.3.50 at the other office - what do I do? I have set
> the rule base up to encrypt traffic either way using a group (i.e.
> grouping Networks 192.168.1.0 and 192.168.2.0 on Firewall A and
> 192.168.3.0 on Firewall B, allowing any traffic to be encrypted). So I
> think according to the manual the VPN seems to be okay.
> 
> It's just, I don't understand how you route traffic from say our
> 192.168.1.0 network on Firewall 1 to a server in the 192.168.3.0 network
> on Firewall 2. Normally, it is easy to do with the Firewall using 'route
> add' at the NT command prompt. 
> 
> The problem I have now is, how and where do I tell the Firewall A NT
> server how to route an invalid 192.168.3.x address to the Firewall B NT
> server over the internet. And, if I was successful in doing this, how do I
> ensure that when it gets to Firewall B, the firewall there can route
> 192.168.3.x traffic.
> 
> I guess what I am asking is, what is the process, from me typing
> 192.168.3.50 behind Firewall A to it getting passed via the VPN to
> Firewall B?
> 
> Our configuration is set up so that it treats Firewall B as an external
> network as per page 67 in the VPN Guide.
> 
> Please help. Even if it is a referral to a page in any of the Checkpoint
> books. I cannot find it!
> 
Thanks

George

