[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Secure Remote + NAT + IP Pool NAT
Does anyone have any experience with getting Secure Remote behind a NAT gateway working with a Checkpoint firewall that is doing IP Pool NAT? With no NAT on the client side, everything works great. With NAT on the client side, the address send to the end destination from the firewall comes out as the original IP address of the Secure Remote client. I'm using hybrid mode IKE with all the bells and whistles, and the modifications to make secure remote work with NAT... Here is a picture: OS is solaris 2.6, checkpoint version 4.1 SP3. Secure Remote Client (latest one): 10.10.10.2 NAT'ed to: 50.50.50.2 Firewall at: 40.40.40.1 pool address is: 20.20.20.0/24 Server A is: 30.30.30.1 The way I understand things, the Secure Remote client should appear to Server A as 20.20.20.x. What I see when doing a packet sniff is 10.10.10.2, which is wierd (it still works, but I don't want Server A to see the client's real address). If the client is not NAT'ed, I see 20.20.20.x come from the firewall destined for Server A as I would expect, and it works. -- Paul Keefer AMI-300B/NISC LAN/WAN Administrator================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|