
Re: [FW1] SR Encrypt Domain, Subnet question




There's a function within FW-1 4.1 called NAT pooling - try enabling that.
What it does is assign your SR clients an illegal IP address from a pool
of addresses (in your case - some range within the 172.1.0.0 subnet) that
you can configure on your firewall's SR interface.  By assigning a pooled
address to the VPN SR connection, the data packets know where to return to
each SR client and don't head off unencrypted through your internal
network's default gateway.

Hope this helps

Ashleigh Martin
Systems Engineer
DATA#3 Limited
Ph: +61 3 9864 2000
Fx: +61 3 9864 2099
mailto: [email protected]
Web Site: http://www.data3.com.au


                                                                                                                                          
Tom Sevy <[email protected]>
Sent by: [email protected]kpoint.com
To: "FWList (E-mail)" <[email protected]>
cc:
Subject: [FW1] SR Encrypt Domain, Subnet question
16/01/2001 03:31 AM
                                                                                                                                          
                                                                                                                                          




We have added a new subnet that is not local to the Firewall.  A network
Object has been created for this LAN (Class B RFC 1918 172.16.0.0).  And
the firewall (IP440) knows the route to reach this segment.

The network object has been added to the Encryption Group.

However [using SR on W2K] traffic sent to 172.16.x.x does not go through SR
and goes right out the default router unencrypted.

Did I miss any steps here?  SR can reach everything else that is local to
the FW.



================================================================================

     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================










 
   All contents © 2004 Network Presence, LLC. All rights reserved.