[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Why should the firewall be the NAT boundery?




Hi Paul,

 Clarification, you are trying to VPN into your internal network via the 
 firewall with SecuRemote.

  If so, then the firewall needs an offical IP on the external segment.
  Does the external router perform static NAT or dynamic NAT for the
firewall ?
  What VPN encryption scheme are you trying to use ?

Thanks,
Harjot (Joe) Sekhon
AT&T Canada - IES
Security Engineer



-----Original Message-----
From: Paul Murphy [mailto:[email protected]]
Sent: Friday, May 04, 2001 5:17 AM
To: [email protected]
Subject: [FW1] Why should the firewall be the NAT boundery?




I would agree with this, but it needs more explanation.  I'm not sure I
could offer a complete explanation, so...

Why should FW-1 be the NAT boundery?



>>> "Juppunov, George" <[email protected]> 5/2/2001 10:27:18 pm
>>>

No. Don't do it. Make the firewall your NAT boundary.

George

> -----Original Message-----
> From:	[email protected] [SMTP:[email protected]] 
> Sent:	Wednesday, May 02, 2001 9:09 AM
> To:	[email protected] 
> Subject:	[FW1] FW with NAT behind router
> 
> 
> 
> 
> Hi there,
> 
> has anybody made it to get FW-1 run like this?
> 
> LAN <- inofficial IP -> FW1 <- inofficial IP -> Router <- official IP ->
> Internet <- official IP -> SecuRemote
> 
> I use static NAT on the router between FW-1 and the Internet (need to be
> like
> this).
> 
> I already looked on phoneboy but didn?t find anything...
> Maybe one of you knows...?
> 
> Regards,
> Marco
> 
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html 
> ==========================================================================
> ======
> 
> 
_____________________________________________________________________ 
IMPORTANT NOTICES: 
          This message is intended only for the addressee. Please notify the
sender by e-mail if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this message
or its contents to any other person and any such actions may be unlawful.

         Banc of America Securities LLC("BAS") does not accept time
sensitive, action-oriented messages or transaction orders, including orders
to purchase or sell securities, via e-mail.

         BAS reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the BAS e-mail system.




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html 
============================================================================
====




----------------------------------------------------------------------------
-----------------------------------------------
CRESTCo Ltd.             The views expressed above are not necessarily those
33 Cannon Street.        held by CRESTCo Limited.
London  EC4M 5SB (UK)      
+44 (020) 7849 0000     http://www.crestco.co.uk 
----------------------------------------------------------------------------
-----------------------------------------------


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
-----
This message was scanned by Aladdin/eSafe Protection Gateway in
coordination with Check Point Firewall-1.  This protection does not ensure
this message is virus free, however every precaution possible has been
taken on our part.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================