Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] VPN via NAT

To: [email protected]
Subject: Re: [FW1] VPN via NAT
From: Wolfgang Kueter <[email protected]>
Date: Tue, 4 Sep 2001 01:53:36 +0200
In-reply-to: <[email protected]>
Organization: SHLINK Internet Service
References: <[email protected]>
Sender: [email protected]

Rocky Stefano wrote:

> RBHATIA" <[email protected]> wrote 

Jeopardy!

Quoting repaired since I don't like playing the game, in whih the 
answer comes before the question. 

> > I had a question. We are trying to get a user to access our
> > internal network via VPN. That user is on a DSL connection and has
> > the VPN software installed. Her DSL router is configured with NAT
> > which uses a dhcp pool to assign an IP to the machines on the
> > internal LAN - her internal interface address is a non routable
> > private 10.0.0.0 network , her personal computer's IP address is
> > 10.0.0.2 and NAT is being used to mask the private IP and make it
> > routable via a public IP. However, our company LAN is also using the
> > same private non routable 10.0.0.0 range. How will her VPN 
> > connection get activated when she tried to access a resource that 
> > is on our network.

> Can't you just change the user's addressing to use a 192 range?
> Most soho firewall products already choose a 192 address anyways.

That ist one possible solution. Another one would be to change the IP 
adress of the remote client to something like 10.0.1.1 with netmask 
255.255.255.0 

Of course the router in the remote network has to be reconfigured too.

As long as the remote client LAN uses ip adresses (depending on the 
netmask of course) from the same (private) subnet as your company does, 
no IP paket will ever get beyond the router in the remote LAN. Get a 
book about routers and netmasks.

Actually this has nothing to do with firewalling at all, its just 
TCP/IP networking and routing basic knowledge.

Wolfgang
-- 
Wolfgang Kueter Netzwerkadministration & Security
SHLINK Internet Service http://www.shlink.de [email protected]
Postfach 1044, 25310 Elmshorn, Fed. Rep. Germany
Telefon: +49 4121 269 006 Fax: +49 4121 269 007

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] VPN via NAT
  - From: "Rocky Stefano" <[email protected]>

Prev by Date: [FW1] reject
Next by Date: Re: [FW1] static NAT and Antispoofing
Previous by thread: RE: [FW1] VPN via NAT
Next by thread: RE: [FW1] VPN via NAT
Index(es):
- Date
- Thread