
[FW1] SecuRemote Client and NAT



Hello, 
I am new to this and need some help.
I am using SR client 4.1 behind a Netgear RT311 router and DSL modem.

My problem is that I have a private LAN and am using the Netgear router to
allow all machines internet access. When I try using the SR client from a
machine going through the router, I am not able to make it work.

I have researched the issue of using SR client behind a router and came up
with a great info page at http://www.phoneboy.com/fw1/faq/0141.html

I have a few questions about the information on the above web page.

Bullet 2 under the A: talks about "ISKAMP", a little below it has ISAKMP and
then later it has "IKE". Are these all the same?
I think the first two are but I'm not sure about the last. If it is
different, what is IKE?

Bullets 3-5 talk about STATIC, POOL and HIDE NAT. Bullets 3 and 4 both say at
the end "follow the steps below." I am not sure what steps below to follow.


Bullet 5 is for HIDE NAT. It says "only one user .... unless ... UDP
Encapsulation....
This should work fine for ... home-office network...."

So this is where I fit in. I only need one machine enabled to use SR client
behind my Netgear router.
Here I am assuming that the router fits into the HIDE NAT category.
Please correct me if I am wrong.


The last part of the article, starting with
"You will need to modify objects.c on the management console.",
appears to be talking of the FW server. I have no ability to make these
changes.

Are these changes required for the HIDE NAT, ISAKMP (ISKAMP?) section of the
article?

So bottom line, I want to know, if I have a HIDE NAT device (Netgear RT311)
and use ISAKMP key management, and I do these two steps:

1)	Insure that UDP port 500 on your NAT gateway is mapped to the
SecuRemote client. FireWall-1 tries to communicate via this port.

2)	Make sure your NAT gateway can pass IPSEC traffic (IP Protocol 50).
If UDP Encapsulation Mode is used, make sure it can also pass UDP Port
2746.

(BTW, how are these steps accomplished?)

Do I need to do anything else or worry about UDP encapsulation in order for
it to work?

Kevin Ruggles


   All contents © 2004 Network Presence, LLC. All rights reserved.