Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Securemote and Tunnelling

To: "'[email protected]'" <[email protected]>
Subject: [FW1] Securemote and Tunnelling
From: "Shankara Narayanan S(Datacom)" <[email protected]>
Date: Mon, 23 Oct 2000 14:21:28 +0530
Sender: [email protected]

Dear all,

A large stock exchange is proposing to have trading through remote clients
with a secure VPN. The tandem server at the customer location is configured
to allow client connections only from the same subnet as the server resides
. 

For example, if the tandem server is having the IP of 13.1.1.1, only the
clients from the 13.1.1.1 network is allowed to connect to the server. Apart
from this , the tandem server is also configured to broadcast (UDP, on
specific ports )  the latest information on the scrips only to this subnet (
13.255.255.255 ) 

The customer is looking for a Checkpoint + Securemote/Secureclient solution
from us. With a normal securemote/secureclient connection, the original IP
address ( allotted from the ISP ) of the securemote client will be the
source IP address of the connection, which the tandem server would reject.

Now, the customer is already having a solution based on the Intel Shiva VPN
appliance. This appliance features a single user tunnel, in which the VPN
client could have a private IP address which could be the part of the subnet
the server could allow access ( part of the 13.0.0.0 subnet, in this case )
This address would be allotted to the VPN client once the user successfully
authenticates on the VPN gateway.

Hence, a secure tunnel is established between the tandem server and the VPN
client with the VPN client in the same subnet as the tandem server and all
the communications go through including the UDP broadcast.

The customer is expecting a similar solution from Checkpoint VPN, with the
flexibility of mapping a private IP to the VPN client, irrespective of from
which part of the world the client is making the connection. The advantage
of this setup is that no configuration change is needed on the existing
Tandem server and is secure also.

Please help us immediately in providing a solution to the customer, if
anybody has encountered this kind of requirement.

Regards

S Shankara Narayanan


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Management Clients hang up... What's up ???
Next by Date: RE: [FW1] Securemote and Tunnelling
Previous by thread: RE: [FW1] Protocol 47 ?????
Next by thread: RE: [FW1] Securemote and Tunnelling
Index(es):
- Date
- Thread