[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SecuRemote and NAT
but, if they make me a static one-to-one translation from a valid Internet IP address from the external router to may local address in the internal network... would it work? BTW: I need to use IKE protocol, because I have an Entrust certification server in my internal network. Javier Prieto Martínez Equipo de Sistemas, Intranet del S.A.S. e-Mail: [email protected] > -----Mensaje original----- > De: David E. Hoobler Jr. [mailto:[email protected]] > Enviado el: domingo 3 de junio de 2001 16:17 > Para: '"Prieto Martínez, Javier"' > Asunto: RE: [FW1] SecuRemote and NAT > > > I don't think that this will work. The external interface of > the firewall > must have a public IP address. When you create a site on the > SecuRemote > client, you must specify the IP address of the firewall. If > you specify the > actual private IP address, your packets will not get routed. > If you specify > the IP address of the router, the NAT at the router will break the > encryption. This is not a matter of port redirection. > > David Hoobler > > > > -----Original Message----- > > From: "Prieto Martínez, Javier" > [SMTP:[email protected]] > > Sent: Friday, June 01, 2001 6:49 AM > > To: [email protected] > > Cc: '[email protected]' > > Subject: [FW1] SecuRemote and NAT > > > > > > I have the following configuration (IP directions have been > changed for > > security purposes): > > > > > > .----------. .--------. > > | INTERNET |----| CLIENT | > > '----------' '--------' > > | > > | 1.1.1.1 > > .--------. > > | ROUTER | (NAT) > > '--------' > > | 192.168.1.1 > > | > > | 192.168.1.5 > > .-------. > > | FW1 | (routing) > > '-------' > > | 192.168.2.1 > > | > > .--------------. > > | Internal Net.| > > '--------------' > > > > I'm planning to use VPN1 to add secure external clients > connections to muy > > internal network. > > > > As I don't directly manage the external router, I need to give their > > adminstrators the directives (ie. port mappings) we need to make it > > possible. > > > > I've read in Phoneboy's FAQ ( http://www.phoneboy.com/faq/0141.html ) that > I > need UDP Encapsulation Mode, but.. is it possible to use in my particular > installation? > > Thanks in advance, > > Javier Prieto Martínez > Equipo de Sistemas, Intranet del S.A.S. > e-Mail: [email protected] > > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|