
RE: [FW1] Securemote and Tunnelling




You can create a pool of IP addresses in the 13.1.x.x range, if you wanted,
that your SecuRemote clients will use when they come in through the VPN.

Tom Reynolds, MCSE, CCNA
_________________________
Pilgrim Baxter and Associates
Network Security and Engineering
825 Duportail Rd.
Wayne, Pennsylvania [email protected]


-----Original Message-----
From: Shankara Narayanan S(Datacom) [mailto:[email protected]]
Sent: Monday, October 23, 2000 4:51 AM
To: '[email protected]'
Subject: [FW1] Securemote and Tunnelling



Dear all,

A large stock exchange is proposing to have trading through remote clients
with a secure VPN. The tandem server at the customer location is configured
to allow client connections only from the same subnet in which the server
resides.

For example, if the tandem server is having the IP of 13.1.1.1, only the
clients from the 13.1.1.1 network are allowed to connect to the server. Apart
from this, the tandem server is also configured to broadcast (UDP, on
specific ports) the latest information on the scrips only to this subnet
(13.255.255.255).

The customer is looking for a Checkpoint + Securemote/Secureclient solution
from us. With a normal securemote/secureclient connection, the original IP
address (allotted from the ISP) of the securemote client will be the
source IP address of the connection, which the tandem server would reject.

Now, the customer is already having a solution based on the Intel Shiva VPN
appliance. This appliance features a single user tunnel, in which the VPN
client could have a private IP address which could be part of the subnet
the server could allow access (part of the 13.0.0.0 subnet, in this case).
This address would be allotted to the VPN client once the user successfully
authenticates on the VPN gateway.

Hence, a secure tunnel is established between the tandem server and the VPN
client with the VPN client in the same subnet as the tandem server and all
the communications go through including the UDP broadcast.

The customer is expecting a similar solution from Checkpoint VPN, with the
flexibility of mapping a private IP to the VPN client, irrespective of from
which part of the world the client is making the connection. The advantage
of this setup is that no configuration change is needed on the existing
Tandem server and is secure also.

Please help us immediately in providing a solution to the customer, if
anybody has encountered this kind of requirement.

Regards

S Shankara Narayanan


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

