| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Secure Remote + NAT + IP Pool NAT
Does anyone have any experience with getting Secure Remote
behind a NAT gateway working with a Checkpoint firewall that
is doing IP Pool NAT? With no NAT on the client side,
everything works great. With NAT on the client side, the
address send to the end destination from the firewall comes
out as the original IP address of the Secure Remote client.
I'm using hybrid mode IKE with all the bells and whistles,
and the modifications to make secure remote work with
NAT... Here is a picture:
OS is solaris 2.6, checkpoint version 4.1 SP3.
Secure Remote Client (latest one):
10.10.10.2
NAT'ed to:
50.50.50.2
Firewall at:
40.40.40.1
pool address is:
20.20.20.0/24
Server A is:
30.30.30.1
The way I understand things, the Secure Remote client should
appear to Server A as 20.20.20.x. What I see when doing a
packet sniff is 10.10.10.2, which is wierd (it still works,
but I don't want Server A to see the client's real
address). If the client is not NAT'ed, I see 20.20.20.x
come from the firewall destined for Server A as I would
expect, and it works.
--
Paul Keefer AMI-300B/NISC
LAN/WAN Administrator================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
