[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] RE: PPTP thru FW1




To perform a manual static nat:

Use the policy editor:
1) Create object "foo"
2) Create an object called "foo-external"
3) Click on the tab labeled "address translation"
4) Add a rule in the address translation policy original packet section with
a source of object foo to destination of any. In the translation section
enter a source of foo-external and destination of any.
5) Add another rule in the address translation policy original packet
section with a source of object any and a destination of object
foo-external.  In the translation section enter a source of any and a
destination of foo.
6) On the firewall create a route from foo external to foo. (In other words,
Unix...route add 192.168.16.5 10.2.1.3 1

You can also do this automatically, but I foind that it is easier to do this
manually if you operate a number of firewalls.

Michael Tench 


On Tue, 01 May 2001 05:44:35 , Naresh Narang wrote:

>  
>  But how does one perform static or any NAT. Mgmt console does not let me
do 
>  it.
>  
>  Naresh
>  
>  
>  >From: "Carl E. Mankinen" <[email protected]>
>  >To: "Naresh Narang" <[email protected]>, 
>  ><[email protected]>
>  >Subject: RE:
>  >Date: Sun, 29 Apr 2001 22:25:17 -0400
>  >
>  >Static NAT, yes PPTP works.
>  >Hide NAT, no PPTP doesnt.
>  >
>  >-----Original Message-----
>  >From: [email protected]
>  >[mailto:[email protected]]On Behalf Of
>  >Naresh Narang
>  >Sent: Saturday, April 28, 2001 5:39 AM
>  >To: [email protected]
>  >Subject:
>  >
>  >
>  >
>  >Hi,
>  >
>  >I am new to this list as well as FW1. I was trying to setup a PDS 2100
box
>  >running checkpoint smalloffice. It has vpn1 and fw1 ver 4.1 I have some
>  >issues and it will be great if someone could clarify.
>  >
>  >1. Does FW1 allow NATing of protocol 47? I came across several posts as 
>  >well
>  >as on Phoneboy site it is mentioned that it does but it did not let me
do
>  >that from Management console. Without this PPTPD won't work behind fw1.
>  >
>  >2. Is it possible for SecuRemote to work from a NATed environment. FW1
>  >address is real though.
>  >
>  >Thanks,
>  >Naresh
>  >_________________________________________________________________
>  >Get your FREE download of MSN Explorer at http://explorer.msn.com
>  >
>  >
>  >
> 
>============================================================================
>  >====
>  >      To unsubscribe from this mailing list, please see the instructions
at
>  >                http://www.checkpoint.com/services/mailing.html
> 
>============================================================================
>  >====
>  >
>  >
>  
>  _________________________________________________________________
>  Get your FREE download of MSN Explorer at http://explorer.msn.com
>  
>  
>  
> 
================================================================================
>       To unsubscribe from this mailing list, please see the instructions
at
>                 http://www.checkpoint.com/services/mailing.html
> 
================================================================================
>  


Michael Tench





_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================