[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Securemote and Tunnelling
Dear all, A large stock exchange is proposing to have trading through remote clients with a secure VPN. The tandem server at the customer location is configured to allow client connections only from the same subnet as the server resides . For example, if the tandem server is having the IP of 13.1.1.1, only the clients from the 13.1.1.1 network is allowed to connect to the server. Apart from this , the tandem server is also configured to broadcast (UDP, on specific ports ) the latest information on the scrips only to this subnet ( 13.255.255.255 ) The customer is looking for a Checkpoint + Securemote/Secureclient solution from us. With a normal securemote/secureclient connection, the original IP address ( allotted from the ISP ) of the securemote client will be the source IP address of the connection, which the tandem server would reject. Now, the customer is already having a solution based on the Intel Shiva VPN appliance. This appliance features a single user tunnel, in which the VPN client could have a private IP address which could be the part of the subnet the server could allow access ( part of the 13.0.0.0 subnet, in this case ) This address would be allotted to the VPN client once the user successfully authenticates on the VPN gateway. Hence, a secure tunnel is established between the tandem server and the VPN client with the VPN client in the same subnet as the tandem server and all the communications go through including the UDP broadcast. The customer is expecting a similar solution from Checkpoint VPN, with the flexibility of mapping a private IP to the VPN client, irrespective of from which part of the world the client is making the connection. The advantage of this setup is that no configuration change is needed on the existing Tandem server and is secure also. Please help us immediately in providing a solution to the customer, if anybody has encountered this kind of requirement. Regards S Shankara Narayanan ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|