Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] SecuRemote and NAT

To: "'David E. Hoobler Jr.'" <[email protected]>
Subject: RE: [FW1] SecuRemote and NAT
From: "Prieto Martínez, Javier" <[email protected]>
Date: Mon, 4 Jun 2001 11:11:53 +0200
Cc: "'[email protected]'" <[email protected]>
Sender: [email protected]

but, if they make me a static one-to-one translation from a valid Internet
IP address from the external router to may local address in the internal
network... would it work?

BTW: I need to use IKE protocol, because I have an Entrust certification
server in my internal network.

     Javier Prieto Martínez 
     Equipo de Sistemas, Intranet del S.A.S.
     e-Mail: [email protected]


> -----Mensaje original-----
> De: David E. Hoobler Jr. [mailto:[email protected]]
> Enviado el: domingo 3 de junio de 2001 16:17
> Para: '"Prieto Martínez, Javier"'
> Asunto: RE: [FW1] SecuRemote and NAT
> 
> 
> I don't think that this will work.  The external interface of 
> the firewall
> must have a public IP address.  When you create a site on the 
> SecuRemote
> client, you must specify the IP address of the firewall.  If 
> you specify the
> actual private IP address, your packets will not get routed.  
> If you specify
> the IP address of the router, the NAT at the router will break the
> encryption.  This is not a matter of port redirection.
> 
> David Hoobler
> 
> 
> > -----Original Message-----
> > From:	"Prieto Martínez, Javier" 
> [SMTP:[email protected]]
> > Sent:	Friday, June 01, 2001 6:49 AM
> > To:	[email protected]
> > Cc:	'[email protected]'
> > Subject:	[FW1] SecuRemote and NAT
> > 
> > 
> > I have the following configuration (IP directions have been 
> changed for
> > security purposes):
> > 
> > 
> >   .----------.    .--------.
> >   | INTERNET |----| CLIENT |
> >   '----------'    '--------'
> >        |
> >        | 1.1.1.1
> >    .--------.
> >    | ROUTER | (NAT)
> >    '--------'
> >        | 192.168.1.1
> >        |
> >        | 192.168.1.5
> >    .-------.
> >    |  FW1  | (routing)
> >    '-------'
> >        | 192.168.2.1
> >        |
> > .--------------.
> > | Internal Net.|
> > '--------------'
> > 
> > I'm planning to use VPN1 to add secure external clients 
> connections to muy
> > internal network.
> > 
> > As I don't directly manage the external router, I need to give their
> > adminstrators the directives (ie. port mappings) we need to make it
> > possible.
> > 
> > I've read in Phoneboy's FAQ ( 
http://www.phoneboy.com/faq/0141.html ) that
> I
> need UDP Encapsulation Mode, but.. is it possible to use in my particular
> installation?
> 
> Thanks in advance,
> 
>      Javier Prieto Martínez 
>      Equipo de Sistemas, Intranet del S.A.S.
>      e-Mail: [email protected]
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Source port based filtering
Next by Date: [FW1] Proxy Q
Previous by thread: [FW1] SecuRemote and NAT
Next by thread: [FW1] SecureClient 4.2-SP2 via Eigerstein-NAT_MASQ to FW-1 v 4.0
Index(es):
- Date
- Thread