[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] NAT, additional subnets etc.
Hi We have a CP 4.0 SP4 VPN-1 on NT 4.0 SP4 - moving to Nokia CP4.1 soon...ish ;-) We use static NAT for a handful of boxes (mainly DMZ) and Hide NAT for rest. Now have a request outstanding to add a number of machines without NAT but that can communicate accross Internet - i.e. need legal IP addresses (apparently NAT breaks the protocols used - development stuff (mainly multicast video/mpeg stuff?) - don't ask 'cos I don't know much more than that yet !). What is the best way to achieve this ? 2 potential options came to mind but I'm not sure what will work:- 1.a Add a secondary address from a newly acquired (ISP-issued) pool to the external interface of the router 1.b Either another secondary (from the same new address pool) to the existing internal LAN interface OR add a new LAN interface to the firewall with the new address 2. Swapout router for one with 2 LAN ports and feed that into another fw interface Temporary option:- Maybe I could take a handful of our rare internal (also legal) addresses and static NAT for them - maybe the protocols will handle static NAT better than Hide NAT ? Option 1 plus temporary option to get by until extra LAN card arrives/is configured seems most likely but I need some sanity checking... TIA Tim Higgins #********************************************************************** This message is intended solely for the use of the individual or organisation to whom it is addressed. It may contain privileged or confidential information. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you should not use, copy, alter, or disclose the contents of this message. All information or opinions expressed in this message and/or any attachments are those of the author and are not necessarily those of Hughes Network Systems Limited, including its European subsidiaries and affiliates. Hughes Network Systems Limited, including its European subsidiaries and affiliates accepts no responsibility for loss or damage arising from its use, including damage from virus. #********************************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|