Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] NAT, additional subnets etc.

To: [email protected]
Subject: [FW1] NAT, additional subnets etc.
From: [email protected]
Date: Tue, 14 Nov 2000 07:56:23 +0000
Sender: [email protected]

Hi

We have a CP 4.0 SP4 VPN-1 on NT 4.0 SP4 - moving to Nokia CP4.1 soon...ish
;-)

We use static NAT for a handful of boxes (mainly DMZ) and Hide NAT for
rest.

Now have a request outstanding to add a number of machines without NAT but
that can communicate accross Internet - i.e. need legal IP addresses
(apparently NAT breaks the protocols used - development stuff (mainly
multicast video/mpeg stuff?) - don't ask 'cos I don't know much more than
that yet !).

What is the best way to achieve this ?

2 potential options came to mind but I'm not sure what will work:-

1.a Add a secondary address from a newly acquired (ISP-issued) pool to the
external interface of the router
1.b Either another secondary (from the same new address pool) to the
existing internal LAN interface OR add a new LAN interface to the firewall
with the new address

2. Swapout router for one with 2 LAN ports and feed that into another fw
interface

Temporary option:- Maybe I could take a handful of our rare internal (also
legal) addresses and static NAT for them - maybe the protocols will handle
static NAT better than Hide NAT ?


Option 1 plus temporary option to get by until extra LAN card arrives/is
configured seems most likely but I need some sanity checking...


TIA

Tim Higgins



#**********************************************************************
This message is intended solely for the use of the individual
or organisation to whom it is addressed. It may contain
privileged or confidential information.  If you have received
this message in error, please notify the originator immediately.
If you are not the intended recipient, you should not use,
copy, alter, or disclose the contents of this message.  All
information or opinions expressed in this message and/or
any attachments are those of the author and are not
necessarily those of Hughes Network Systems Limited,
including its European subsidiaries and affiliates. Hughes
Network Systems Limited, including its European
subsidiaries and affiliates accepts no responsibility for loss
or damage arising from its use, including damage from virus.
#**********************************************************************


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] FW-1 client authen doesn't support special character
Next by Date: [FW1] VPN Question
Previous by thread: [FW1] FW-1 client authen doesn't support special character
Next by thread: [FW1] VPN Question
Index(es):
- Date
- Thread