Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Home/Office NAT range conflicts

To: "'Jarmoc, Jeff'" <[email protected]>, "'Jeff Newton'" <[email protected]>, [email protected]
Subject: RE: [FW1] Home/Office NAT range conflicts
From: Dan Hitchcock <[email protected]>
Date: Tue, 9 Jan 2001 15:31:45 -0800
Sender: [email protected]

Perhaps this was already posted, but the solution is to run IP Pool NAT (new
to FW1 4.1).  This allows you to accomplish exactly what Jeff suggests
below: translate the SR client's source address to an internal address that
you define (i.e. you define the address range for the pool, and the SR
client's traffic appears on the internal network with an address picked out
of that pool).  This alleviates the possible problems posed by overlapping
home networks.

HTH

Dan Hitchcock
Network [email protected]
Xylo, Inc.
The work/life solution for corporate thought leaders


-----Original Message-----
From: Jarmoc, Jeff [mailto:[email protected]]
Sent: Tuesday, January 09, 2001 2:04 PM
To: 'Jeff Newton'; [email protected]
Subject: RE: [FW1] Home/Office NAT range conflicts



Boy, that is a potential problem.. and I hadn't thought about it before now.
NAT probably won't work, because SecureRemote would have to decide whether
or not to tunnel prior to the NAT taking place.  You could just have a
blanket policy that home networks must be 10.x.x.x and keep your internal
networks 192.168, or vice versa.   I'm interested to see if anyone else has
a better technical solution though.

-----Original Message-----
From: Jeff Newton [mailto:[email protected]]
Sent: Tuesday, January 09, 2001 3:51 PM
To: [email protected]
Subject: [FW1] Home/Office NAT range conflicts




I have users with private NAT ranges in their home networks accessing
the office via SecuRemote.  I see a potential problem of ip address
conflicts with the private ranges used in the office.

Any suggestions for how to deal with this?  I shudder at the idea of
having to manage/allocate ranges for use in employee's home networks.

Perhaps there is a way to NAT them on the way in?

Cheers,

----
Jeff Newton




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Freaky ICMP unreachable error - help Luke, you're my only hope
Next by Date: Re: [FW1] HA newbies question
Previous by thread: RE: [FW1] Home/Office NAT range conflicts
Next by thread: RE: [FW1] Home/Office NAT range conflicts
Index(es):
- Date
- Thread